

Windows Analysis Report
nM0h824cc3.exe

Overview

General Information

Sample name: nM0h824cc3.exe
(renamed because the original name is a hash value)
Original sample name: 44a8228720ef89ddef7843dd2093fa37.exe
Analysis ID: 1578954
MD5: 44a8228720ef89ddef7843dd2093fa37
SHA1: 4287d9be9e21bb2ff2c1d9a8ae7e82da87bc993d
SHA256: eab8ff0d42ac0cf7dc6664b52e6fb6a5889576b96e74328da78b1263f97214ab
Tags: exe, user-abuse_ch

Detection

Credential Flusher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • nM0h824cc3.exe (PID: 7888 cmdline: "C:\Users\user\Desktop\nM0h824cc3.exe" MD5: 44A8228720EF89DDEF7843DD2093FA37)
    • taskkill.exe (PID: 7952 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 8084 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 8092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 8148 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 8156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7208 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7232 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7316 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 1636 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 5924 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 5632 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7772 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2292 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2220 -prefsLen 25358 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70e51040-7af1-400c-a3b0-8714369a1c57} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" 1760c06d310 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8200 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3928 -parentBuildID 20230927232528 -prefsHandle 3672 -prefMapHandle 3884 -prefsLen 26373 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f59c0ddb-254f-4dbd-9d51-30a0b23a1a2f} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" 1761e357610 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8840 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5016 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5008 -prefMapHandle 5004 -prefsLen 33184 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35f57696-847d-47df-824e-7c23c7b21619} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" 17624260110 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: nM0h824cc3.exe PID: 7888 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched



    AV Detection

    Source: nM0h824cc3.exe | Avira: detected
    Source: nM0h824cc3.exe | ReversingLabs: Detection: 34%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.6% probability
    Source: nM0h824cc3.exe | Joe Sandbox ML: detected
    Source: nM0h824cc3.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.10:49733 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.10:49734 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.10:49738 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.10:49747 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49762 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49776 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49782 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49787 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.10:49821 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.10:49822 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.10:49825 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.10:49830 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.10:49831 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.10:49833 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.10:49832 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49902 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49901 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49908 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49909 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49910 version: TLS 1.2
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.1419923442.0000017628806000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.1453593808.000001761969C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.1453593808.000001761969C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.1451742212.0000017619690000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.1419923442.0000017628806000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.1451742212.0000017619690000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\nM0h824cc3.exe | Code function: 0_2_008FDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_008FDBBE
    Source: C:\Users\user\Desktop\nM0h824cc3.exe | Code function: 0_2_008CC2A2 FindFirstFileExW,0_2_008CC2A2
    Source: C:\Users\user\Desktop\nM0h824cc3.exe | Code function: 0_2_009068EE FindFirstFileW,FindClose,0_2_009068EE
    Source: C:\Users\user\Desktop\nM0h824cc3.exe | Code function: 0_2_0090698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0090698F
    Source: C:\Users\user\Desktop\nM0h824cc3.exe | Code function: 0_2_008FD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008FD076
    Source: C:\Users\user\Desktop\nM0h824cc3.exe | Code function: 0_2_008FD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008FD3A9
    Source: C:\Users\user\Desktop\nM0h824cc3.exe | Code function: 0_2_00909642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00909642
    Source: C:\Users\user\Desktop\nM0h824cc3.exe | Code function: 0_2_0090979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0090979D
    Source: C:\Users\user\Desktop\nM0h824cc3.exe | Code function: 0_2_00909B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00909B2B
    Source: C:\Users\user\Desktop\nM0h824cc3.exe | Code function: 0_2_00905C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00905C97
    Source: firefox.exe | Memory has grown: Private usage: 1MB later: 227MB
    Source: unknown | Network traffic detected: DNS query count 31
    Source: Joe Sandbox View | IP Address: 34.149.100.209 34.149.100.209
    Source: Joe Sandbox View | IP Address: 34.117.188.166 34.117.188.166
    Source: Joe Sandbox View | IP Address: 151.101.193.91 151.101.193.91
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (50 occurrences)
    Source: C:\Users\user\Desktop\nM0h824cc3.exe | Code function: 0_2_0090CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0090CE44
    Source: global traffic | HTTP traffic detected (16 occurrences): GET /canonical.html HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Cache-Control: no-cache | Pragma: no-cache | Connection: keep-alive
    Source: global traffic | HTTP traffic detected (16 occurrences): GET /success.txt?ipv4 HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Connection: keep-alive | Pragma: no-cache | Cache-Control: no-cache
    Source: firefox.exe, 0000000E.00000003.1407226423.00000176260F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627B1F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1518739970.0000017627FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1463030570.0000017627FAF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1445668501.0000017624464000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1505662016.0000017624464000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1447060250.000001761FB6F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1380056662.000001761D2BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1528150191.000001761D2BF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1518739970.0000017627FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1463030570.0000017627FAF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1445668501.0000017624464000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1505662016.0000017624464000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1447060250.000001761FB6F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000012.00000002.3166771696.000001C286203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3167735063.000001CF96F0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000012.00000002.3166771696.000001C286203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3167735063.000001CF96F0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000012.00000002.3166771696.000001C286203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3167735063.000001CF96F0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1518739970.0000017627FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1463030570.0000017627FAF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: moz-extension://63b8d1fe-2818-4af4-9d2c-02d7e2688d62/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1380056662.000001761D2BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536900490.0000017627B7D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1518739970.0000017627FAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1463030570.0000017627FAF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536900490.0000017627B7D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1544953023.000001761E928000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1528150191.000001761D2DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1493192759.000001761E91C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global trafficDNS traffic detected: DNS query: youtube.com
    Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
    Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
    Source: global trafficDNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global trafficDNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: example.org
    Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
    Source: global trafficDNS traffic detected: DNS query: push.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: support.mozilla.org
    Source: global trafficDNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: www.youtube.com
    Source: global trafficDNS traffic detected: DNS query: www.facebook.com
    Source: global trafficDNS traffic detected: DNS query: www.wikipedia.org
    Source: global trafficDNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global trafficDNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global trafficDNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global trafficDNS traffic detected: DNS query: www.reddit.com
    Source: global trafficDNS traffic detected: DNS query: twitter.com
    Source: global trafficDNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global trafficDNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global trafficDNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.1518826509.0000017624247000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1388946864.0000017624247000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
    Source: firefox.exe, 0000000E.00000003.1529042111.000001761D1BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
    Source: firefox.exe, 0000000E.00000003.1529042111.000001761D1BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
    Source: firefox.exe, 0000000E.00000003.1529042111.000001761D1BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
    Source: firefox.exe, 0000000E.00000003.1529042111.000001761D1BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1422040805.000001761968B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1422040805.000001761968B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 0000000E.00000003.1530699112.000001761CCC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1522552259.000001761D9C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1445386229.00000176244A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1527774947.000001761D3ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1489782638.000001761F4FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 0000000E.00000003.1463030570.0000017627F76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
    Source: firefox.exe, 0000000E.00000003.1527774947.000001761D3ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 0000000E.00000003.1530863839.000001761C57F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 0000000E.00000003.1510155888.0000017627FC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1525286069.000001761D95D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 0000000E.00000003.1445775119.000001762444C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
    Source: firefox.exe, 0000000E.00000003.1445775119.000001762444C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
    Source: firefox.exe, 0000000E.00000003.1562238266.000001761D784000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1464427618.000001761D784000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1400593063.000001761D737000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465983323.000001761D5EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465598813.000001761D737000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1400593063.000001761D784000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/
    Source: firefox.exe, 0000000E.00000003.1564914595.000001761BD04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1403158417.000001761D0C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1399795899.000001761CDF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1379299681.000001761E3AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1360053833.000001761CDDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1508661062.000001761CDEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1543974137.000001761F3D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1490892466.000001761F3C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1360053833.000001761CDF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1403497947.000001761DBE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1500336218.000001761C1D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1402522472.000001761F7D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1531309550.000001761C262000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1493192759.000001761E997000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1516483267.000001761CDF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467132977.000001761FAD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1445775119.0000017624446000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1489235669.000001761F910000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1459342974.000001761FA92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1489235669.000001761F98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1563601178.000001761CD27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: firefox.exe, 0000000E.00000003.1562238266.000001761D784000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1464427618.000001761D784000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1400593063.000001761D737000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465983323.000001761D5EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465598813.000001761D737000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1400593063.000001761D784000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/Z
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.digicert.com0C
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1422040805.000001761968B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.thawte.com0
    Source: firefox.exe, 0000000E.00000003.1446851831.000001761FB9E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0.
    Source: firefox.exe, 0000000E.00000003.1446851831.000001761FB9E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0W
    Source: firefox.exe, 0000000E.00000003.1446851831.000001761FB9E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 0000000E.00000003.1519883547.000001761E624000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
    Source: firefox.exe, 0000000E.00000003.1529042111.000001761D1BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2006/browser/search/
    Source: firefox.exe, 0000000E.00000003.1526302857.000001761DA13000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1531309550.000001761C262000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1379299681.000001761E3D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1521471345.000001761DA13000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1488417867.0000017627DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1531718754.000001761C224000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1495312350.000001761E782000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536109763.0000017627DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1444564295.0000017627DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1510559047.000001761E3D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: firefox.exe, 0000000E.00000003.1531718754.000001761C224000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulE
    Source: firefox.exe, 00000012.00000002.3172369857.000001C286FFC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1376606840.000001C286FFC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000003.1377510078.000001C286FFC000.00000004.00000020.00020000.00000000.sdmp, mozilla-temp-41.14.drString found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 0000000E.00000003.1446851831.000001761FB9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1503420169.0000017627D83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1444564295.0000017627D83000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
    Source: firefox.exe, 0000000E.00000003.1446851831.000001761FB9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1503420169.0000017627D83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1444564295.0000017627D83000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 0000000E.00000003.1529042111.000001761D1DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
    Source: firefox.exe, 0000000E.00000003.1489235669.000001761F98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1353936524.000001761BD5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1353697017.000001761BD1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1353502818.000001761BB00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1354062333.000001761BD77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 0000000E.00000003.1379299681.000001761E388000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1510559047.000001761E388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536955453.0000017627B53000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 0000000E.00000003.1445386229.00000176244A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1540001524.000001761F9E5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 0000000E.00000003.1489235669.000001761F93B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1519155655.000001761F947000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.comK
    Source: firefox.exe, 0000000E.00000003.1493192759.000001761E91C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1388946864.0000017624247000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000E.00000003.1532299453.0000017619ADB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536900490.0000017627B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536900490.0000017627B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536900490.0000017627B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536900490.0000017627B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536900490.0000017627B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 0000000E.00000003.1511531365.000001761DAA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1526092401.000001761DAA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1514524756.000001761DAA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
    Source: firefox.exe, 0000000E.00000003.1528150191.000001761D2DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1380056662.000001761D2DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1390886617.000001761D2DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 0000000E.00000003.1531309550.000001761C262000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 0000000E.00000003.1536900490.0000017627B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000E.00000003.1536900490.0000017627B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000E.00000003.1525016582.000001761FBB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 0000000E.00000003.1355411969.000001761B933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1356187990.000001761B928000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1356465071.000001761B933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1455984828.000001761B939000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
    Source: firefox.exe, 0000000E.00000003.1355411969.000001761B933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1356187990.000001761B928000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1356465071.000001761B933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1455984828.000001761B939000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
    Source: firefox.exe, 00000013.00000002.3167735063.000001CF96F8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.1403497947.000001761DBE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mochitest.youtube.com/
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
    Source: firefox.exe, 0000000E.00000003.1422171412.0000017619688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
    Source: firefox.exe, 0000000E.00000003.1355411969.000001761B933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1356187990.000001761B928000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1356465071.000001761B933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1455984828.000001761B939000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
    Source: firefox.exe, 0000000E.00000003.1403497947.000001761DBE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.hbomax.com/page/
    Source: firefox.exe, 0000000E.00000003.1403497947.000001761DBE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://play.hbomax.com/player/
    Source: firefox.exe, 0000000E.00000003.1355411969.000001761B933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1356187990.000001761B928000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1356465071.000001761B933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1455984828.000001761B939000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
    Source: firefox.exe, 0000000E.00000003.1488417867.0000017627DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536109763.0000017627DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1444564295.0000017627DBA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.1529042111.000001761D1E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.1489235669.000001761F910000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
    Source: firefox.exe, 0000000E.00000003.1532299453.0000017619AB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
    Source: firefox.exe, 0000000E.00000003.1354062333.000001761BD77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
    Source: firefox.exe, 0000000E.00000003.1509828771.000001761CD30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
    Source: firefox.exe, 0000000E.00000003.1527087154.000001761D679000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
    Source: firefox.exe, 0000000E.00000003.1532299453.0000017619AE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
    Source: firefox.exe, 0000000E.00000003.1445386229.00000176244DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com
    Source: firefox.exe, 00000013.00000002.3167735063.000001CF96F13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
    Source: firefox.exe, 0000000E.00000003.1540716199.000001761F69D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1526598645.000001761D930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1530366870.000001761D134000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
    Source: firefox.exe, 0000000E.00000003.1446684732.000001761FBCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#
    Source: firefox.exe, 0000000E.00000003.1446684732.000001761FBCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#l
    Source: firefox.exe, 00000013.00000002.3167735063.000001CF96FF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
    Source: firefox.exe, 0000000E.00000003.1528150191.000001761D2DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1380056662.000001761D2DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1390886617.000001761D2DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
    Source: firefox.exe, 0000000E.00000003.1537124927.00000176245FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1532299453.0000017619AB7000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.drString found in binary or memory: https://support.mozilla.org
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000E.00000003.1511451438.000001761DABE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1503420169.0000017627D83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1545945688.000001761E89F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1444564295.0000017627D83000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000E.00000003.1521065006.000001761DA38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
    Source: firefox.exe, 0000000E.00000003.1460159015.0000017628CBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1526302857.000001761DA21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1463030570.0000017627F6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000E.00000003.1532299453.0000017619AC9000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000E.00000003.1445775119.000001762444C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
    Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49821
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49787
    Source: unknown | Network traffic detected: HTTP traffic on port 49970 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49782
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49781
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49780
    Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49762 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49781 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49833 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49776 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49815
    Source: unknown | Network traffic detected: HTTP traffic on port 49902 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49777
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49776
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
    Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49970
    Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49749 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49780 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49909 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50030
    Source: unknown | Network traffic detected: HTTP traffic on port 49823 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49830 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728
    Source: unknown | Network traffic detected: HTTP traffic on port 49777 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
    Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49901 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49762
    Source: unknown | Network traffic detected: HTTP traffic on port 49821 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49815 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49787 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49908 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49824 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49831 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49833
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49910
    Source: unknown | Network traffic detected: HTTP traffic on port 49782 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49832
    Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49831
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49830
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49874
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
    Source: unknown | Network traffic detected: HTTP traffic on port 49822 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49874 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49910 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49747 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49825 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49832 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49909
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49908
    Source: unknown | Network traffic detected: HTTP traffic on port 50030 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49749
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49825
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49902
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49747
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49824
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49901
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49823
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49822
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.10:49733 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.10:49734 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.10:49738 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.10:49747 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49762 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49776 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49782 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49787 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.10:49821 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.10:49822 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.10:49825 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.10:49830 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.10:49831 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.10:49833 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.10:49832 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49902 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49901 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49908 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49909 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.10:49910 version: TLS 1.2
    Source: C:\Users\user\Desktop\nM0h824cc3.exe | Code function: 0_2_0090EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
    Source: C:\Users\user\Desktop\nM0h824cc3.exe | Code function: 0_2_0090ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
    Source: C:\Users\user\Desktop\nM0h824cc3.exe | Code function: 0_2_008FAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
    Source: C:\Users\user\Desktop\nM0h824cc3.exe | Code function: 0_2_00929576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

    System Summary

    Source: nM0h824cc3.exeString found in binary or memory: This is a third-party compiled AutoIt script.
    Source: nM0h824cc3.exe, 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_22894ff1-0
    Source: nM0h824cc3.exe, 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_ec202788-8
    Source: nM0h824cc3.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_aa7d56e6-f
    Source: nM0h824cc3.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_1095d44e-c
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_000001C2868545F7 NtQuerySystemInformation,18_2_000001C2868545F7
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_000001C286873072 NtQuerySystemInformation,18_2_000001C286873072
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008FD5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_008FD5EB
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008F1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_008F1201
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008FE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_008FE8F6
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_009020460_2_00902046
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008980600_2_00898060
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008F82980_2_008F8298
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008CE4FF0_2_008CE4FF
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008C676B0_2_008C676B
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_009248730_2_00924873
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008BCAA00_2_008BCAA0
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_0089CAF00_2_0089CAF0
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008ACC390_2_008ACC39
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008C6DD90_2_008C6DD9
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008991C00_2_008991C0
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008AB1190_2_008AB119
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008B13940_2_008B1394
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008B17060_2_008B1706
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008B781B0_2_008B781B
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008B19B00_2_008B19B0
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008979200_2_00897920
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008A997D0_2_008A997D
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008B7A4A0_2_008B7A4A
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008B7CA70_2_008B7CA7
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008B1C770_2_008B1C77
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008C9EEE0_2_008C9EEE
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_0091BE440_2_0091BE44
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008B1F320_2_008B1F32
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_000001C2868545F718_2_000001C2868545F7
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_000001C28687307218_2_000001C286873072
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_000001C2868730B218_2_000001C2868730B2
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_000001C28687379C18_2_000001C28687379C
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: String function: 00899CB3 appears 31 times
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: String function: 008AF9F2 appears 40 times
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: String function: 008B0A30 appears 46 times
    Source: nM0h824cc3.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engineClassification label: mal80.troj.evad.winEXE@34/41@68/12
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_009037B5 GetLastError,FormatMessageW,0_2_009037B5
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008F10BF AdjustTokenPrivileges,CloseHandle,0_2_008F10BF
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008F16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_008F16C3
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_009051CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_009051CD
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008FD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_008FD4DC
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_0090648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_0090648E
    Source: C:\Users\user\Desktop\nM0h824cc3.exeCode function: 0_2_008942A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_008942A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246Jump to behavior
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7960:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7424:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7232:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8156:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8092:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefoxJump to behavior
    Source: nM0h824cc3.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
    Source: C:\Users\user\Desktop\nM0h824cc3.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627BF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1444564295.0000017627DA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1488417867.0000017627DA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536631689.0000017627BF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627BF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536631689.0000017627BF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627BF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536631689.0000017627BF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627BF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536631689.0000017627BF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000E.00000003.1488417867.0000017627DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1444564295.0000017627DBA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627BF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536631689.0000017627BF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627BF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536631689.0000017627BF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627BF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536631689.0000017627BF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627BF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536631689.0000017627BF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000E.00000003.1505376953.0000017627BF7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536631689.0000017627BF7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: nM0h824cc3.exeReversingLabs: Detection: 34%
    Source: unknownProcess created: C:\Users\user\Desktop\nM0h824cc3.exe "C:\Users\user\Desktop\nM0h824cc3.exe"
    Source: C:\Users\user\Desktop\nM0h824cc3.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\nM0h824cc3.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\nM0h824cc3.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\nM0h824cc3.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\nM0h824cc3.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\nM0h824cc3.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2292 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2220 -prefsLen 25358 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70e51040-7af1-400c-a3b0-8714369a1c57} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" 1760c06d310 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3928 -parentBuildID 20230927232528 -prefsHandle 3672 -prefMapHandle 3884 -prefsLen 26373 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f59c0ddb-254f-4dbd-9d51-30a0b23a1a2f} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" 1761e357610 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5016 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5008 -prefMapHandle 5004 -prefsLen 33184 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35f57696-847d-47df-824e-7c23c7b21619} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" 17624260110 utility
    Source: C:\Users\user\Desktop\nM0h824cc3.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /TJump to behavior
    Source: C:\Users\user\Desktop\nM0h824cc3.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /TJump to behavior
    Source: C:\Users\user\Desktop\nM0h824cc3.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /TJump to behavior
    Source: C:\Users\user\Desktop\nM0h824cc3.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /TJump to behavior
    Source: C:\Users\user\Desktop\nM0h824cc3.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /TJump to behavior
    Source: C:\Users\user\Desktop\nM0h824cc3.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blockingJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blockingJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2292 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2220 -prefsLen 25358 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70e51040-7af1-400c-a3b0-8714369a1c57} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" 1760c06d310 socketJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3928 -parentBuildID 20230927232528 -prefsHandle 3672 -prefMapHandle 3884 -prefsLen 26373 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f59c0ddb-254f-4dbd-9d51-30a0b23a1a2f} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" 1761e357610 rddJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5016 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5008 -prefMapHandle 5004 -prefsLen 33184 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35f57696-847d-47df-824e-7c23c7b21619} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" 17624260110 utilityJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: napinsp.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: pnrpnsp.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: wshbth.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: nlaapi.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: winrnr.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: Window Recorder Window detected: More than 3 window changes detected
    Source: nM0h824cc3.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: nM0h824cc3.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: nM0h824cc3.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: nM0h824cc3.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: nM0h824cc3.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: nM0h824cc3.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: nM0h824cc3.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.1419923442.0000017628806000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.1453593808.000001761969C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.1453593808.000001761969C000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.1451742212.0000017619690000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.1419923442.0000017628806000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.1451742212.0000017619690000.00000004.00000020.00020000.00000000.sdmp
    Source: nM0h824cc3.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: nM0h824cc3.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: nM0h824cc3.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: nM0h824cc3.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: nM0h824cc3.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008942DE
    Source: gmpopenh264.dll.tmp.14.dr Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008B0A76 push ecx; ret 0_2_008B0A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008AF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_008AF98E
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_00921C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00921C41
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\nM0h824cc3.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep (graph_0-96569)
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_000001C2868545F7 rdtsc 18_2_000001C2868545F7
    Source: C:\Users\user\Desktop\nM0h824cc3.exe API coverage: 3.9 %
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008FDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_008FDBBE
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008CC2A2 FindFirstFileExW,0_2_008CC2A2
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_009068EE FindFirstFileW,FindClose,0_2_009068EE
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_0090698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0090698F
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008FD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008FD076
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008FD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008FD3A9
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_00909642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00909642
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_0090979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0090979D
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_00909B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00909B2B
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_00905C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00905C97
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008942DE
    Source: firefox.exe, 00000012.00000002.3171473855.000001C286910000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^R[
    Source: nM0h824cc3.exe, 00000000.00000003.1377567342.0000000001822000.00000004.00000020.00020000.00000000.sdmp, nM0h824cc3.exe, 00000000.00000003.1377869074.0000000001842000.00000004.00000020.00020000.00000000.sdmp, nM0h824cc3.exe, 00000000.00000003.1377470603.000000000181D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW{{<
    Source: firefox.exe, 00000010.00000002.3166690896.000001E99DD0A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3172030448.000001E99E640000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWP
    Source: firefox.exe, 00000010.00000002.3172030448.000001E99E640000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3
    Source: nM0h824cc3.exe, 00000000.00000003.1377567342.0000000001822000.00000004.00000020.00020000.00000000.sdmp, nM0h824cc3.exe, 00000000.00000003.1377869074.0000000001842000.00000004.00000020.00020000.00000000.sdmp, nM0h824cc3.exe, 00000000.00000003.1378522894.0000000001855000.00000004.00000020.00020000.00000000.sdmp, nM0h824cc3.exe, 00000000.00000003.1377470603.000000000181D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3166690896.000001E99DD0A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3166212901.000001C285FBA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3171473855.000001C286910000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: nM0h824cc3.exe, 00000000.00000003.1306348488.0000000001865000.00000004.00000020.00020000.00000000.sdmp, nM0h824cc3.exe, 00000000.00000003.1304820392.0000000001861000.00000004.00000020.00020000.00000000.sdmp, nM0h824cc3.exe, 00000000.00000003.1304115035.0000000001865000.00000004.00000020.00020000.00000000.sdmp, nM0h824cc3.exe, 00000000.00000003.1305982066.0000000001861000.00000004.00000020.00020000.00000000.sdmp, nM0h824cc3.exe, 00000000.00000003.1305812106.0000000001861000.00000004.00000020.00020000.00000000.sdmp, nM0h824cc3.exe, 00000000.00000003.1303516456.000000000185F000.00000004.00000020.00020000.00000000.sdmp, nM0h824cc3.exe, 00000000.00000003.1304448500.0000000001861000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllHH@G
    Source: firefox.exe, 00000010.00000002.3171384234.000001E99E21D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000012.00000002.3171473855.000001C286910000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllIVB
    Source: firefox.exe, 00000010.00000002.3172030448.000001E99E640000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3171473855.000001C286910000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: firefox.exe, 00000013.00000002.3167023527.000001CF96C8A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWpU
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 18_2_000001C2868545F7 rdtsc 18_2_000001C2868545F7
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_0090EAA2 BlockInput,0_2_0090EAA2
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008C2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008C2622
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008942DE
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008B4CE8 mov eax, dword ptr fs:[00000030h]0_2_008B4CE8
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008F0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_008F0B62
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008C2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008C2622
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008B083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008B083F
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008B09D5 SetUnhandledExceptionFilter,0_2_008B09D5
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008B0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_008B0C21
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008F1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_008F1201
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008D2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_008D2BA5
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008FB226 SendInput,keybd_event,0_2_008FB226
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_009122DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_009122DA
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008F0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_008F0B62
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008F1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_008F1663
    Source: nM0h824cc3.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: nM0h824cc3.exe Binary or memory string: Shell_TrayWnd
    Source: firefox.exe, 0000000E.00000003.1423698693.0000017628806000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008B0698 cpuid 0_2_008B0698
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008ED21C GetLocalTime,0_2_008ED21C
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008ED27A GetUserNameW,0_2_008ED27A
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008CB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_008CB952
    Source: C:\Users\user\Desktop\nM0h824cc3.exe Code function: 0_2_008942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008942DE

    Stealing of Sensitive Information

    Source: Yara match, File source: Process Memory Space: nM0h824cc3.exe PID: 7888, type: MEMORYSTR
    Source: nM0h824cc3.exe, Binary or memory string: WIN_81
    Source: nM0h824cc3.exe, Binary or memory string: WIN_XP
    Source: nM0h824cc3.exe, Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: nM0h824cc3.exe, Binary or memory string: WIN_XPe
    Source: nM0h824cc3.exe, Binary or memory string: WIN_VISTA
    Source: nM0h824cc3.exe, Binary or memory string: WIN_7
    Source: nM0h824cc3.exe, Binary or memory string: WIN_8
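The memory strings above are the raw evidence behind the "compiled AutoIt script" and system-information signatures: the AutoIt script-loader messages and the >>>AUTOIT SCRIPT<<< marker, the WIN_XP ... WIN_11 table of AutoIt @OSVersion values, the Shell_TrayWnd window class and SeDebugPrivilege. As an added example (not part of this Joe Sandbox report and not Joe Sandbox's own logic), the Python below turns those strings into a static triage check that can be run over any file or memory image. The grouping of the markers, the regular expression and the verdict thresholds are this example's own choices; the sample and control blobs are constructed, not bytes of the real sample.

```python
import re

# Marker strings copied from the memory-dump evidence in the report.
# Grouping, regex and verdict thresholds are this example's own (assumption).
AUTOIT_RUNTIME_MARKERS = [
    b">>>AUTOIT SCRIPT<<<",
    b"AutoIt script files (*.au3, *.a3x)",
    b"#include depth exceeded",
    b"Cannot parse #include",
]
# AutoIt's @OSVersion value table. The values are stored back to back with no
# separator, so match with longest alternatives first: WIN_2012R2 must not be
# read as WIN_2012 and WIN_XPe must not be read as WIN_XP.
OS_VERSION_RE = re.compile(
    rb"WIN_(?:2022|2019|2016|2012R2|2012|2008R2|2008|2003|VISTA|XPe|XP|11|10|81|8|7)"
)
SHELL_TRAY_MARKER = b"Shell_TrayWnd"
SEDEBUG_MARKER = b"SeDebugPrivilege"

VERDICT_AUTOIT_OSDISCO = "likely compiled AutoIt script with OS version discovery table"
VERDICT_AUTOIT = "likely compiled AutoIt script"
VERDICT_NONE = "no AutoIt indicators"


def scan(data: bytes) -> dict:
    """Report which indicator groups occur in a raw file or memory image."""
    runtime = [m.decode() for m in AUTOIT_RUNTIME_MARKERS if m in data]
    versions = []
    for m in OS_VERSION_RE.findall(data):
        tag = m.decode()
        if tag not in versions:          # first-seen order, no duplicates
            versions.append(tag)
    return {
        "autoit_runtime": runtime,
        "os_versions": versions,
        "shell_traywnd": SHELL_TRAY_MARKER in data,
        "se_debug_privilege": SEDEBUG_MARKER in data,
    }


def verdict(findings: dict, min_versions: int = 5) -> str:
    """Loader strings alone mean AutoIt; a sizeable version table adds OS discovery."""
    if findings["autoit_runtime"]:
        if len(findings["os_versions"]) >= min_versions:
            return VERDICT_AUTOIT_OSDISCO
        return VERDICT_AUTOIT
    return VERDICT_NONE


# Constructed sample: the string runs from the report's memory dumps embedded
# in filler bytes. These are not the real sample's bytes.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 32
    + b"Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3"
    + b"#include depth exceeded. Make sure there are no recursive includes"
    + b"Error opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax error\x00"
    + b"X86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2"
    + b"WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XP\x00"
    + b"Shell_TrayWnd\x00SeDebugPrivilege\x00"
)
# Constructed clean control: PE-looking blob with none of the indicators
# (WIN32_NT does not match WIN_ and must stay silent).
CLEAN = b"MZ\x90\x00" + b"\x00" * 32 + b"WIN32_NT\x00Hello from a benign tool\x00"


if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE), ("clean", CLEAN)):
        found = scan(blob)
        print(name, "->", verdict(found), found)
```

On the constructed sample the scanner reports all sixteen @OSVersion tags, the three loader strings present, both window-class and privilege markers, and the "with OS version discovery table" verdict; the clean control yields "no AutoIt indicators". A real triage pass would feed it the unpacked PE or the process memory dump referenced by the Yara match rather than the file on disk, since AutoIt-compiled payloads are often packed.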

    Remote Access Functionality

    Source: Yara match, File source: Process Memory Space: nM0h824cc3.exe PID: 7888, type: MEMORYSTR
    Source: C:\Users\user\Desktop\nM0h824cc3.exe, Code function: 0_2_00911204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00911204
    Source: C:\Users\user\Desktop\nM0h824cc3.exe, Code function: 0_2_00911806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00911806
    MITRE ATT&CK Matrix (one list per tactic; the number in parentheses is the match count the matrix shows next to a technique, techniques without a number had no match in this analysis)

    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
    Initial Access: Valid Accounts (2); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
    Execution: Windows Management Instrumentation (1); Native API (1); At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
    Persistence: DLL Side-Loading (1); Valid Accounts (2); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
    Privilege Escalation: Exploitation for Privilege Escalation (1); DLL Side-Loading (1); Extra Window Memory Injection (1); Valid Accounts (2); Access Token Manipulation (21); Process Injection (2); Startup Items; Scheduled Task/Job; At; Cron
    Defense Evasion: Disable or Modify Tools (2); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); DLL Side-Loading (1); Extra Window Memory Injection (1); Masquerading (1); Valid Accounts (2); Virtualization/Sandbox Evasion (1); Access Token Manipulation (21); Process Injection (2)
    Credential Access: Input Capture (21); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
    Discovery: System Time Discovery (2); Account Discovery (1); File and Directory Discovery (2); System Information Discovery (16); Security Software Discovery (131); Virtualization/Sandbox Evasion (1); Process Discovery (3); Application Window Discovery (1); System Owner/User Discovery (1); Network Service Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
    Collection: Archive Collected Data (1); Input Capture (21); Clipboard Data (3); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
    Command and Control: Ingress Tool Transfer (2); Encrypted Channel (12); Non-Application Layer Protocol (2); Application Layer Protocol (3); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
    Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    Behavior Graph ID: 1578954
    Sample: nM0h824cc3.exe
    Start date: 20/12/2024
    Architecture: WINDOWS
    Score: 80

    Top-level network: youtube.com; youtube-ui.l.google.com; 34 other IPs or domains
    Top-level signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; 3 other signatures

    Process tree (node numbers kept as shown in the graph):
    nM0h824cc3.exe (started)
        signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection
        taskkill.exe 1 (started)
            conhost.exe (started)
        taskkill.exe 1 (started)
            conhost.exe (started)
        taskkill.exe 1 (started)
            conhost.exe (started)
        3 other processes
            conhost.exe (started)
            conhost.exe (started)
    firefox.exe 1 (started)
        firefox.exe 3 234 (started)
            network: youtube.com 142.250.181.110, 443, 49728, 49729 GOOGLEUS United States; prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49730, 49737, 49746 GOOGLEUS United States; 10 other IPs or domains
            dropped: C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+; C:\Users\user\...\gmpopenh264.dll (copy), PE32+
            firefox.exe 1 (started)
            firefox.exe 1 (started)
            firefox.exe 1 (started)
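The behavior graph shows nM0h824cc3.exe (PID 7888 in the Yara match above) spawning taskkill.exe three times in quick succession, each with its own conhost.exe, while the firefox.exe tree sits at the root and is noise for this purpose. As an added example (not part of the report and not Joe Sandbox's own logic), the Python below is a detector over process-creation events that flags a parent outside an allowlist spawning several taskkill.exe children inside a short window; the conhost.exe and browser children are ignored. The event rows, every PID except 7888, the file paths, the allowlist and the thresholds are constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Parents allowed to spawn taskkill.exe in bulk (assumption for this example;
# an estate's own admin tooling belongs here).
ALLOWED_PARENTS = {"cmd.exe", "powershell.exe", "msiexec.exe"}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_events(rows):
    """rows: (ISO timestamp, pid, ppid, image path, parent image path) tuples."""
    return [
        {"ts": datetime.fromisoformat(ts), "pid": pid, "ppid": ppid,
         "image": image, "parent_image": parent_image}
        for ts, pid, ppid, image, parent_image in rows
    ]


def detect_taskkill_bursts(events, threshold=3, window_seconds=30,
                           allowed_parents=ALLOWED_PARENTS):
    """One alert per parent that spawns >= threshold taskkill.exe within the window."""
    window = timedelta(seconds=window_seconds)
    stamps_by_parent = defaultdict(list)
    image_of_parent = {}
    for e in events:
        if basename(e["image"]) != "taskkill.exe":
            continue                      # conhost.exe, browsers etc. are noise here
        stamps_by_parent[e["ppid"]].append(e["ts"])
        image_of_parent[e["ppid"]] = e["parent_image"]

    alerts = []
    for ppid, stamps in stamps_by_parent.items():
        parent = image_of_parent[ppid]
        if basename(parent) in allowed_parents:
            continue
        stamps.sort()
        best, best_span, start = 0, None, 0
        for end in range(len(stamps)):    # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 > best:
                best, best_span = end - start + 1, (stamps[start], stamps[end])
        if best >= threshold:
            alerts.append({"parent_pid": ppid, "parent_image": parent,
                           "taskkill_count": best,
                           "first": best_span[0].isoformat(),
                           "last": best_span[1].isoformat()})
    return alerts


# Constructed process-creation events modelled on the behavior graph:
# the sample (PID 7888 per the report) spawns taskkill.exe three times, each
# taskkill gets a conhost.exe, and firefox.exe runs in its own tree.
SAMPLE_IMG = r"C:\Users\user\Desktop\nM0h824cc3.exe"
TASKKILL = r"C:\Windows\System32\taskkill.exe"
CONHOST = r"C:\Windows\System32\conhost.exe"
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"
EXPLORER = r"C:\Windows\explorer.exe"
CMD = r"C:\Windows\System32\cmd.exe"

SAMPLE_EVENTS = parse_events([
    ("2024-12-20T10:00:00", 7888, 1234, SAMPLE_IMG, EXPLORER),
    ("2024-12-20T10:00:02", 7900, 7888, TASKKILL, SAMPLE_IMG),
    ("2024-12-20T10:00:02", 7901, 7900, CONHOST, TASKKILL),
    ("2024-12-20T10:00:03", 7910, 7888, TASKKILL, SAMPLE_IMG),
    ("2024-12-20T10:00:03", 7911, 7910, CONHOST, TASKKILL),
    ("2024-12-20T10:00:04", 7920, 7888, TASKKILL, SAMPLE_IMG),
    ("2024-12-20T10:00:04", 7921, 7920, CONHOST, TASKKILL),
    ("2024-12-20T10:00:10", 8000, 1234, FIREFOX, EXPLORER),
    ("2024-12-20T10:00:11", 8010, 8000, FIREFOX, FIREFOX),
    # benign: admin batch file running taskkill from cmd.exe (allow-listed parent)
    ("2024-12-20T10:05:00", 9000, 8900, TASKKILL, CMD),
    ("2024-12-20T10:05:01", 9001, 8900, TASKKILL, CMD),
    ("2024-12-20T10:05:02", 9002, 8900, TASKKILL, CMD),
    # benign: unknown tool killing a single process, below threshold
    ("2024-12-20T10:07:00", 9100, 9050, TASKKILL, r"C:\Tools\cleanup.exe"),
    # unknown tool with three kills spread over two minutes: outside the window
    ("2024-12-20T10:09:00", 9200, 9150, TASKKILL, r"C:\Tools\slow.exe"),
    ("2024-12-20T10:10:00", 9201, 9150, TASKKILL, r"C:\Tools\slow.exe"),
    ("2024-12-20T10:11:00", 9202, 9150, TASKKILL, r"C:\Tools\slow.exe"),
])

if __name__ == "__main__":
    for a in detect_taskkill_bursts(SAMPLE_EVENTS):
        print(a)
```

With the defaults only the PID 7888 burst is reported. Emptying the allowlist also surfaces the cmd.exe batch, and widening the window to five minutes surfaces the slow tool, which is the usual tuning trade-off: a tight window and a short allowlist keep the rule quiet in an estate where scripts legitimately kill processes. Real Sysmon Event ID 1 or EDR telemetry carries the taskkill command line as well, which is worth adding to the alert so the analyst can see which processes were targeted.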

    Source | Detection | Scanner | Label | Link
    nM0h824cc3.exe | 34% | ReversingLabs | Win32.Trojan.Generic |
    nM0h824cc3.exe | 100% | Avira | TR/ATRAPS.Gen |
    nM0h824cc3.exe | 100% | Joe Sandbox ML | |

    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |

    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    example.org | 93.184.215.14 | true | false | | high
    star-mini.c10r.facebook.com | 157.240.196.35 | true | false | | high
    prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | | high
    prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | | high
    twitter.com | 104.244.42.129 | true | false | | high
    prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | | high
    services.addons.mozilla.org | 151.101.193.91 | true | false | | high
    dyna.wikimedia.org | 185.15.58.224 | true | false | | high
    prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | | high
    contile.services.mozilla.com | 34.117.188.166 | true | false | | high
    youtube.com | 142.250.181.110 | true | false | | high
    prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | | high
    youtube-ui.l.google.com | 216.58.208.238 | true | false | | high
    us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false | | high
    reddit.map.fastly.net | 151.101.129.140 | true | false | | high
    ipv4only.arpa | 192.0.0.170 | true | false | | high
    prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | | high
    push.services.mozilla.com | 34.107.243.93 | true | false | | high
    normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | | high
    telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | | high
    www.reddit.com | unknown | unknown | false | | high
    spocs.getpocket.com | unknown | unknown | false | | high
    content-signature-2.cdn.mozilla.net | unknown | unknown | false | | high
    support.mozilla.org | unknown | unknown | false | | high
    firefox.settings.services.mozilla.com | unknown | unknown | false | | high
    www.youtube.com | unknown | unknown | false | | high
    www.facebook.com | unknown | unknown | false | | high
    detectportal.firefox.com | unknown | unknown | false | | high
    normandy.cdn.mozilla.net | unknown | unknown | false | | high
    shavar.services.mozilla.com | unknown | unknown | false | | high
    www.wikipedia.org | unknown | unknown | false | | high
    Name | Source | Malicious | Antivirus Detection | Reputation
    https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l | firefox.exe, 00000013.00000002.3167735063.000001CF96FC4000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://detectportal.firefox.com/ | firefox.exe, 0000000E.00000003.1463030570.0000017627F76000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://datastudio.google.com/embed/reporting/ | firefox.exe, 0000000E.00000003.1407226423.00000176260F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1525286069.000001761D95D000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://www.mozilla.com0 | gmpopenh264.dll.tmp.14.dr | false | | high
    https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl | firefox.exe, 0000000E.00000003.1377065202.000001761FA48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1459342974.000001761FA45000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://merino.services.mozilla.com/api/v1/suggest | firefox.exe, 00000013.00000002.3167735063.000001CF96F8F000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect | firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://www.leboncoin.fr/ | firefox.exe, 0000000E.00000003.1531309550.000001761C262000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://spocs.getpocket.com/spocs | firefox.exe, 0000000E.00000003.1540716199.000001761F69D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1526598645.000001761D930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1530366870.000001761D134000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill | firefox.exe, 0000000E.00000003.1505376953.0000017627BE9000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://contile-images.services.mozilla.com/5b4DH7KHAf2n_mNaLjNi1-UAoKmM9rhqaA9w7FyznHo.10943.jpg | firefox.exe, 00000010.00000002.3168483982.000001E99E0C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3166771696.000001C2862E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3171128285.000001CF97203000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr | false | | high
    https://screenshots.firefox.com | firefox.exe, 0000000E.00000003.1532299453.0000017619AB7000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://shavar.services.mozilla.com | firefox.exe, 0000000E.00000003.1532299453.0000017619AE0000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://completion.amazon.com/search/complete?q= | firefox.exe, 0000000E.00000003.1353829997.000001761BD3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1353936524.000001761BD5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1353697017.000001761BD1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1353502818.000001761BB00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1354062333.000001761BD77000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://ads.stickyadstv.com/firefox-etp | firefox.exe, 0000000E.00000003.1528150191.000001761D2DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1380056662.000001761D2DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1390886617.000001761D2DC000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700 | firefox.exe, 00000010.00000002.3168483982.000001E99E0C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3166771696.000001C2862E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3171128285.000001CF97203000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab | firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://monitor.firefox.com/breach-details/ | firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://github.com/w3c/csswg-drafts/issues/4650 | firefox.exe, 0000000E.00000003.1489191196.000001761F9EF000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM | firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://xhr.spec.whatwg.org/#sync-warning | firefox.exe, 0000000E.00000003.1445775119.000001762444C000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://www.amazon.com/exec/obidos/external-search/ | firefox.exe, 0000000E.00000003.1505662016.0000017624464000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1511451438.000001761DABE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1542150082.000001761F47A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1353697017.000001761BD1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1353502818.000001761BB00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1354062333.000001761BD77000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://www.msn.com | firefox.exe, 0000000E.00000003.1490892466.000001761F3AB000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://github.com/mozilla-services/screenshots | firefox.exe, 0000000E.00000003.1353829997.000001761BD3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1353936524.000001761BD5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1353697017.000001761BD1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1353502818.000001761BB00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1354062333.000001761BD77000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://services.addons.mozilla.org/api/v4/addons/addon/ | firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700002.1&cta | firefox.exe, 00000010.00000002.3168483982.000001E99E0C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3166771696.000001C2862E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3171128285.000001CF97203000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr | false | | high
    https://tracking-protection-issues.herokuapp.com/new | firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report | firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://youtube.com2 | firefox.exe, 0000000E.00000003.1494909792.000001761E7CF000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
    https://youtube.com/ | firefox.exe, 0000000E.00000003.1493192759.000001761E91C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1379299681.000001761E388000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1511147216.000001761E1F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1510559047.000001761E388000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://content-signature-2.cdn.mozilla.net/ | firefox.exe, 0000000E.00000003.1529042111.000001761D1E8000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht | firefox.exe, 0000000E.00000003.1536900490.0000017627B7D000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://www.instagram.com/ | firefox.exe, 0000000E.00000003.1403497947.000001761DBE7000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report | firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmp | false | | high
                                                                                                                                            https://api.accounts.firefox.com/v1firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.amazon.com/firefox.exe, 0000000E.00000003.1505662016.0000017624464000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullScfirefox.exe, 0000000E.00000003.1445775119.000001762444C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://www.youtube.com/firefox.exe, 0000000E.00000003.1447060250.000001761FB6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3166771696.000001C286203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3167735063.000001CF96F0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 0000000E.00000003.1405556881.00000176260E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1407111863.000001761D025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://MD8.mozilla.org/1/mfirefox.exe, 0000000E.00000003.1529042111.000001761D1DA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://www.bbc.co.uk/firefox.exe, 0000000E.00000003.1531309550.000001761C262000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000E.00000003.1505376953.0000017627B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536900490.0000017627B7D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000013.00000002.3167735063.000001CF96FC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://127.0.0.1:firefox.exe, 0000000E.00000003.1518826509.0000017624247000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1388946864.0000017624247000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000E.00000003.1405556881.00000176260C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1407111863.000001761D025000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000E.00000003.1509828771.000001761CD30000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://bugzilla.mofirefox.exe, 0000000E.00000003.1536955453.0000017627B53000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://mitmdetection.services.mozilla.com/firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://youtube.com/account?=recovery.jsonlz4.tmp.14.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 0000000E.00000003.1445775119.000001762444C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://spocs.getpocket.com/firefox.exe, 00000013.00000002.3167735063.000001CF96F13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://www.iqiyi.com/firefox.exe, 0000000E.00000003.1531309550.000001761C262000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://support.mozilla.org/products/firefoxgro.allizom.troppus.places.sqlite-wal.14.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000E.00000003.1489191196.000001761F9EF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://a9.com/-/spec/opensearch/1.0/firefox.exe, 0000000E.00000003.1529042111.000001761D1BD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://monitor.firefox.com/user/dashboardfirefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://support.mozilla.org/products/firefoxgro.allizom.troppus.njy8xaI_aUJpfirefox.exe, 0000000E.00000003.1532299453.0000017619AC9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://monitor.firefox.com/aboutfirefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://mozilla.org/MPL/2.0/.firefox.exe, 0000000E.00000003.1564914595.000001761BD04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1403158417.000001761D0C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1399795899.000001761CDF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1379299681.000001761E3AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1360053833.000001761CDDB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1508661062.000001761CDEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1543974137.000001761F3D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1490892466.000001761F3C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1360053833.000001761CDF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1403497947.000001761DBE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1500336218.000001761C1D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1402522472.000001761F7D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1531309550.000001761C262000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1493192759.000001761E997000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1516483267.000001761CDF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467132977.000001761FAD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1445775119.0000017624446000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.1489235669.000001761F910000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1459342974.000001761FA92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1489235669.000001761F98A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1563601178.000001761CD27000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://account.bellmedia.cfirefox.exe, 0000000E.00000003.1379299681.000001761E388000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1510559047.000001761E388000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://login.microsoftonline.comfirefox.exe, 0000000E.00000003.1490892466.000001761F3A3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://coverage.mozilla.orgfirefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.14.drfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://www.zhihu.com/firefox.exe, 0000000E.00000003.1519003803.000001761FB0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1539886610.000001761FB20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
http://x1.c.lencr.org/0 | firefox.exe, 0000000E.00000003.1446851831.000001761FB9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1503420169.0000017627D83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1444564295.0000017627D83000.00000004.00000800.00020000.00000000.sdmp | false | high
http://x1.i.lencr.org/0 | firefox.exe, 0000000E.00000003.1446851831.000001761FB9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1503420169.0000017627D83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1444564295.0000017627D83000.00000004.00000800.00020000.00000000.sdmp | false | high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqrfQHr4pbW4ZbWfpbY7ReNxR3UIG8zInwYIFIVs9eYi | prefs-1.js.14.dr | false | high
http://a9.com/-/spec/opensearch/1.1/ | firefox.exe, 0000000E.00000003.1529042111.000001761D1BD000.00000004.00000800.00020000.00000000.sdmp | false | high
https://infra.spec.whatwg.org/#ascii-whitespace | firefox.exe, 0000000E.00000003.1377065202.000001761FA48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1459342974.000001761FA45000.00000004.00000800.00020000.00000000.sdmp | false | high
https://blocked.cdn.mozilla.net/ | firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmp | false | high
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored | firefox.exe, 0000000E.00000003.1445775119.000001762444C000.00000004.00000800.00020000.00000000.sdmp | false | high
https://json-schema.org/draft/2019-09/schema | firefox.exe, 0000000E.00000003.1537124927.0000017624532000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1397155474.000001761D74B000.00000004.00000800.00020000.00000000.sdmp | false | high
http://developer.mozilla.org/en/docs/DOM:element.addEventListener | firefox.exe, 0000000E.00000003.1445775119.000001762444C000.00000004.00000800.00020000.00000000.sdmp | false | high
https://duckduckgo.com/?t=ffab&q= | firefox.exe, 0000000E.00000003.1444564295.0000017627D83000.00000004.00000800.00020000.00000000.sdmp | false | high
https://profiler.firefox.com | firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmp | false | high
https://outlook.live.com/default.aspx?rru=compose&to=%s | firefox.exe, 0000000E.00000003.1355411969.000001761B933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1356187990.000001761B928000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1356465071.000001761B933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1455984828.000001761B939000.00000004.00000800.00020000.00000000.sdmp | false | high
https://identity.mozilla.com/apps/relay | firefox.exe, 0000000E.00000003.1515201710.000001761DA41000.00000004.00000800.00020000.00000000.sdmp | false | high
https://mozilla.cloudflare-dns.com/dns-query | firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmp | false | high
https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2 | firefox.exe, 0000000E.00000003.1543861023.000001761F44E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1490239348.000001761F447000.00000004.00000800.00020000.00000000.sdmp | false | high
https://bugzilla.mozilla.org/show_bug.cgi?id=1678448 | firefox.exe, 0000000E.00000003.1405556881.00000176260E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1405556881.00000176260C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1406651478.00000176260E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1407111863.000001761D025000.00000004.00000800.00020000.00000000.sdmp | false | high
https://mail.yahoo.co.jp/compose/?To=%s | firefox.exe, 0000000E.00000003.1355411969.000001761B933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1356187990.000001761B928000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1356465071.000001761B933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1455984828.000001761B939000.00000004.00000800.00020000.00000000.sdmp | false | high
https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/ | firefox.exe, 0000000E.00000003.1505376953.0000017627B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1536900490.0000017627B7D000.00000004.00000800.00020000.00000000.sdmp | false | high
https://contile.services.mozilla.com/v1/tiles | firefox.exe, 0000000E.00000003.1520075404.000001761DCA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmp | false | high
https://www.amazon.co.uk/ | firefox.exe, 0000000E.00000003.1531309550.000001761C262000.00000004.00000800.00020000.00000000.sdmp | false | high
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/ | firefox.exe, 0000000E.00000003.1445775119.0000017624424000.00000004.00000800.00020000.00000000.sdmp | false | high
https://monitor.firefox.com/user/preferences | firefox.exe, 00000010.00000002.3171191451.000001E99E100000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3170510185.000001C2867E0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3167362629.000001CF96D90000.00000002.10000000.00040000.00000000.sdmp | false | high
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
142.250.181.110 | youtube.com | United States | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false
151.101.193.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false
IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578954
Start date and time: 2024-12-20 17:12:13 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 20s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of new started processes analysed: 24
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: nM0h824cc3.exe
renamed because original name is a hash value
Original Sample Name: 44a8228720ef89ddef7843dd2093fa37.exe
Detection: MAL
Classification: mal80.troj.evad.winEXE@34/41@68/12
                                                                                                                                                                                                                                                                          EGA Information:
                                                                                                                                                                                                                                                                          • Successful, ratio: 50%
                                                                                                                                                                                                                                                                          HCA Information:
                                                                                                                                                                                                                                                                          • Successful, ratio: 96%
                                                                                                                                                                                                                                                                          • Number of executed functions: 49
                                                                                                                                                                                                                                                                          • Number of non-executed functions: 295
                                                                                                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                                                                                                                                          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                                                                                                          • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                                                                                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 52.40.120.141, 44.228.225.150, 44.240.87.158, 142.250.181.106, 142.250.181.138, 142.250.181.142, 88.221.134.155, 88.221.134.209, 13.107.246.63, 23.218.208.109, 4.245.163.56
                                                                                                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
                                                                                                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                          • VT rate limit hit for: nM0h824cc3.exe
                                                                                                                                                                                                                                                                          No simulations
Match | Associated Sample Name / URL | Detection | Threat Name
34.117.188.166 | gTU8ed4669.exe | malicious | Credential Flusher
34.117.188.166 | gTU8ed4669.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar
34.117.188.166 | ghostspider.7z | malicious | Unknown
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc
151.101.193.91 | tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown
151.101.193.91 | kjDPynh9vQ.exe | malicious | Credential Flusher
151.101.193.91 | kjDPynh9vQ.exe | malicious | Credential Flusher
151.101.193.91 | 6eftz6UKDm.exe | malicious | Credential Flusher
151.101.193.91 | nmy4mJXEaz.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar
151.101.193.91 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
34.149.100.209 | gTU8ed4669.exe | malicious | Credential Flusher
34.149.100.209 | gTU8ed4669.exe | malicious | Credential Flusher
34.149.100.209 | ghostspider.7z | malicious | Unknown
34.149.100.209 | http://112.31.189.32:40158 | malicious | Mirai
34.149.100.209 | do.ps1 | malicious | Unknown
34.149.100.209 | https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown
34.149.100.209 | tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown
34.149.100.209 | kjDPynh9vQ.exe | malicious | Credential Flusher
34.149.100.209 | kjDPynh9vQ.exe | malicious | Credential Flusher
Match | Associated Sample Name / URL | Detection | Threat Name | Context (resolved IP)
example.org | gTU8ed4669.exe | malicious | Credential Flusher | 93.184.215.14
example.org | gTU8ed4669.exe | malicious | Credential Flusher | 93.184.215.14
example.org | ghostspider.7z | malicious | Unknown | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Xmrig | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc | 93.184.215.14
example.org | do.ps1 | malicious | Unknown | 93.184.215.14
example.org | https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown | 93.184.215.14
star-mini.c10r.facebook.com | gTU8ed4669.exe | malicious | Credential Flusher | 157.240.196.35
star-mini.c10r.facebook.com | gTU8ed4669.exe | malicious | Credential Flusher | 157.240.196.35
star-mini.c10r.facebook.com | https://click.pstmrk.it/3s/veed.io%2Fshare-video-link%3Ftoken%3DeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzQ2MzE2NDgsImlhdCI6MTczNDYzMDc0OCwic3ViIjoiZmY0NTdiM2MtYjI3MC00YzA0LWEwOTEtYjY3ZDJkOGQ3ZTU1Iiwicm9sZXMiOltdLCJraWQiOiJwcm9qZWN0cy92ZWVkLXByb2Qtc2VydmVyL2xvY2F0aW9ucy9ldXJvcGUtd2VzdDEva2V5UmluZ3MvdmVlZC1wcm9kLWtleXJpbmcvY3J5cHRvS2V5cy92ZWVkLXByb2QtandrLWtleS9jcnlwdG9LZXlWZXJzaW9ucy8xIiwiZmVhdHVyZXMiOnt9LCJzY29wZXMiOltdfQ.f-EtSCYYeQiR4cEb8w5ABF3koXpbxl8QeFIarADkLP6q32DzsnFZl76Y98Uad7M8RBPPuOQOV9SUbCY1hRa4IbqV9_4cTm0v7DuBTCKOZbHN1NiATZOGw2BzdEMqIEfnNo5A_H2_DLVQZLtd6sZzcRoNBzbmcq2_xlzWgmqIErGV0VYXIb-Vac1b-3wmAgIyE-VS7Cd5aHYtVyiV9T5HfrpjPl7-M6dLIaQqm6103z7gO_qoKow1qbFmNgGaUsQED1CHbqo-hCgXzib7NToyu0Qq4kSl-2NEzgLMKy1zFR2J0E0vr9FHirjR9fmmDF2nk76Ht8L2WbV-dRyXZBZaUikfojo56vYWI9cfSQrG_awuFNR0M1s6dpPwumDM8sXlMZYt4u5WZaNcRZynPHXeqNZcdwKhlZrFN0U3B3U7B69avz_FlMxw6Or_0aeJkUP5YZP3wH-IIbwwa6es37u8G7gWYINEfp-pJlKV7klV1CcskLf_53iNx7MtxgvAXLMNZJ2tnuxY8W6w_E-pchjpNP2I5NV2Ui2_bNSgl3kBuX3oWsX0m_wL3MZ39pE3paPp2FAIgQPpZ5a0BhmPYsMk2IPPel2dll8j1IYBwHsZ5a1IHsHA6gTMWkJl-uhAjN4mnXo7Om0NWRZvfFvatgA4YCoTXdntM31GIZxAyWF9a14%26postLoginUrl%3D%252Fview%252F3ab9b7be-178c-4289-b29e-75921856f7f5%252F/oMlP/0SC6AQ/AQ/15f5e010-d260-490a-9e5d-79f5643b5481/1/HSOO9aL291 | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | ghostspider.7z | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | http://112.31.189.32:40158 | malicious | Mirai | 157.240.196.35
star-mini.c10r.facebook.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Xmrig | 157.240.196.35
star-mini.c10r.facebook.com | http://mee6.xyz | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | https://www.grapevine.org/join/next-gen-giving-circle-dc | malicious | Unknown |
                                                                                                                                                                                                                                                                                                                                • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                http://johnlewispartners.shopGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                twitter.comgTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                ghostspider.7zGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 104.244.42.1
                                                                                                                                                                                                                                                                                                                                http://112.31.189.32:40158Get hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                • 104.244.42.193
Match | Associated Sample Name / URL | Detection | Threat Name | Context
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | gTU8ed4669.exe | malicious | Credential Flusher | 34.117.188.166
| gTU8ed4669.exe | malicious | Credential Flusher | 34.117.188.166
| 58VSNPxrI4.exe | malicious | Unknown | 34.117.59.81
| file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT | 34.117.188.166
| file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 34.117.188.166
| ghostspider.7z | malicious | Unknown | 34.117.188.166
| file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 34.117.188.166
| https://pdf.ac/3eQ2md | malicious | HTMLPhisher, Tycoon2FA | 34.117.39.58
| http://112.31.189.32:40158 | malicious | Mirai | 34.117.121.53
FASTLYUS | http://www.eventcreate.com/e/you-have-received-a-new-doc | malicious | HTMLPhisher | 151.101.1.137
| gTU8ed4669.exe | malicious | Credential Flusher | 151.101.1.91
| gTU8ed4669.exe | malicious | Credential Flusher | 151.101.1.91
| https://dnearymedahealthstaffing.wordpress.com/medahealthstaffing-proposal/ | malicious | HTMLPhisher | 151.101.194.137
| http://northwesthousingservices.discussripped.com | malicious | HTMLPhisher | 151.101.66.137
| mniscreenthinkinggoodforentiretimegoodfotbusubessthings.hta | malicious | Cobalt Strike | 151.101.1.137
| 58VSNPxrI4.exe | malicious | Unknown | 185.199.108.133
| https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImJyaWFuLmh1dGNoaW5zQHJpdmVycm9jay5jb20iLCJyZXF1ZXN0SWQiOiJhYzIxMDNjZS03NDZkLTRmMTctNjBkYi00MzM5OWU3NzU5NGEiLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9pZC91cm46YWFpZDpzYzpWQTZDMjplOTgwMjRmZi03NGRmLTRlNjctYjJkZi0wNWY0NTk4MTc4OWUiLCJsYWJlbCI6IjExIiwibG9jYWxlIjoicHRfQlIifQ.GzFDC4sqpVLEAHwIPLSleF4_d0iUGb4--dg-spPTHWsUGjt086-aN6bs1cEm-BfvTqQu97RqT5NU-RFwvTkvTA | malicious | Unknown | 151.101.1.138
| Invoice for 04-09-24 fede39.admr.org.html | malicious | Unknown | 151.101.1.229
ATGS-MMD-ASUS | gTU8ed4669.exe | malicious | Credential Flusher | 34.160.144.191
| gTU8ed4669.exe | malicious | Credential Flusher | 34.160.144.191
| mniscreenthinkinggoodforentiretimegoodfotbusubessthings.hta | malicious | Cobalt Strike | 57.129.55.225
| nshmpsl.elf | malicious | Mirai | 51.173.247.160
| nsharm5.elf | malicious | Mirai | 34.0.71.142
| nshsh4.elf | malicious | Mirai | 48.200.113.249
| SWIFT.xls | malicious | Unknown | 57.129.55.225
| hmips.elf | malicious | Mirai | 51.238.254.102
| SWIFT.xls | malicious | Unknown | 57.129.55.225
Match | Associated Sample Name / URL | Detection | Threat Name | Context
fb0aa01abe9d8e4037eb3473ca6e2dca | gTU8ed4669.exe | malicious | Credential Flusher | 151.101.193.91, 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123
| gTU8ed4669.exe | malicious | Credential Flusher | 151.101.193.91, 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123
| file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT | 151.101.193.91, 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123
| ghostspider.7z | malicious | Unknown |
                                                                                                                                                                                                                                                                                                                                • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                                                                                                • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                do.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                https://walli.shanga.co/image/view/?id=1375Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                • 34.120.208.123
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
  gTU8ed4669.exe | malicious | Credential Flusher
  gTU8ed4669.exe | malicious | Credential Flusher
  ghostspider.7z | malicious | Unknown
  do.ps1 | malicious | Unknown
  https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown
  tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown
  kjDPynh9vQ.exe | malicious | Credential Flusher
  kjDPynh9vQ.exe | malicious | Credential Flusher
  fNlxQP0jBz.exe | malicious | Credential Flusher
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
  gTU8ed4669.exe | malicious | Credential Flusher
  gTU8ed4669.exe | malicious | Credential Flusher
  ghostspider.7z | malicious | Unknown
  do.ps1 | malicious | Unknown
  https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown
  tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown
  kjDPynh9vQ.exe | malicious | Credential Flusher
  kjDPynh9vQ.exe | malicious | Credential Flusher
  fNlxQP0jBz.exe | malicious | Credential Flusher
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7946
Entropy (8bit): 5.178759046034708
Encrypted: false
SSDEEP: 192:bMMXJl+cbhbVbTbfbRbObtbyEl7nQrqJA6unSrDtTkdySd:btWcNhnzFSJwr51nSrDhkdyc
MD5: 0BD510C389A671E2CD455AF2DED2BD23
SHA1: CE6CF2DDBBFF97972E7C17F241B8AF977108A159
SHA-256: 2A376D52910A927262C18C91C6E082979B3B20133F54DABF1A145E3E38547371
SHA-512: 2A39D61D7437B3E902637077F3A248E024E7591DB0C62E836444B08002839B6BCC798FCC5DF508C90BB7B4DD5CB8CF59A24FCEC894F7ECB3F90B190F2F3188FC
Malicious: false
Preview: {"type":"uninstall","id":"3a88ac4a-475f-4083-9fcd-36fabfc9483c","creationDate":"2024-12-20T17:45:45.849Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"c52d5856-ece5-494f-aabd-86188f9ce2c7","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:MS Windows icon resource - 1 icon, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 24 bits/pixel
                                                                                                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):490
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.246483341090937
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12:l8v/7J2T+gwjz+vdzLSMO9mj253UT3BcHXhJo:82CgwS//O91iT3BUXh6
                                                                                                                                                                                                                                                                                                                                                                    MD5:BD9751DFFFEFFA2154CC5913489ED58C
                                                                                                                                                                                                                                                                                                                                                                    SHA1:1C9230053C45CA44883103A6ACFDF49AC53ABF45
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:834C4F18E96CFDAA395246183DE76032F1B77886764CEEBE52F6A146FA4D4C3B
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:01072F60F4B2489BB84639A6179A82A3EA90A31C1AD61D30EF27800C3114DB5E45662583E1C0B5382F51635DC14372EFC71DCD069999D6B21A5D256C70697790
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:.......................PNG........IHDR................a....IDAT8O...1P......p....d1.....v)......p.nXM.t.H.(.......B$..}_G.{.......:uN...=......s|.$...`0.....dl6.>>>p.\.v;z.......F.a:.2..D.V.....V..n...g.z.X..C...v.......=.H..d..P*...i.."...X,.B...h...xyy.V....I$..J%r....6....Z-:...P..J..........|>'...P.\&.....l6....N5...Z.x<.....h.z..'@...L&.F..'.Jq<...m6.OOO.....$..r:.......v..V..ze.\.p.R..t.Z.....r...B...3.B..0...T*E".p8.D0..`2.D.j...h..n...wF...........#......O....IEND.B`.
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                                    MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                                    SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):453023
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                                                                                                                                    MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                                                                                                                                    SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):5488
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.3194293230606373
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:48:0bdGUUgdw4MzCbdGY6Bdw4cMbdGYadw4+1:2Kj
                                                                                                                                                                                                                                                                                                                                                                    MD5:F6163F72637A3BFFA5D01B9E34C3E1F5
                                                                                                                                                                                                                                                                                                                                                                    SHA1:771AFC6A080078B1EAA9720AB953FD771C60C1F8
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:59A2D04D7E92A3BAD6C2F12AB15C01019174D8BA54DC0B6E5FBE4C3A09385A1C
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:E550F2C581A65B15E6A4C72C7F696C5FBB6EBF3AB32A9162C8B0124D89E6DF644C8128A7723D6054B3BD8B7A18D16457C75638BB005788EC594C51C2123F2D24
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:...................................FL..................F.@.. ...p............R..........S...........................P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y..............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y................................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z...........7p.......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):5488
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.3194293230606373
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:48:0bdGUUgdw4MzCbdGY6Bdw4cMbdGYadw4+1:2Kj
                                                                                                                                                                                                                                                                                                                                                                    MD5:F6163F72637A3BFFA5D01B9E34C3E1F5
                                                                                                                                                                                                                                                                                                                                                                    SHA1:771AFC6A080078B1EAA9720AB953FD771C60C1F8
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:59A2D04D7E92A3BAD6C2F12AB15C01019174D8BA54DC0B6E5FBE4C3A09385A1C
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:E550F2C581A65B15E6A4C72C7F696C5FBB6EBF3AB32A9162C8B0124D89E6DF644C8128A7723D6054B3BD8B7A18D16457C75638BB005788EC594C51C2123F2D24
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:...................................FL..................F.@.. ...p............R..........S...........................P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y..............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y................................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z...........7p.......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
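When triaging dropped files from a report like this one, the Entropy (8bit), Encrypted and hash columns are cheap to recompute locally against the files you actually pull from the sandbox, which is how you catch a mismatched or truncated download before sharing an IOC. The Python below is an added example, not Joe Sandbox code: the report does not publish the entropy cutoff behind its Encrypted flag, so ENCRYPTED_THRESHOLD is an assumed value chosen only to agree with the rows above (7.9977 flagged true, 7.2465 and lower flagged false); sniff_type() is a minimal magic-byte stand-in for the libmagic-style File Type strings; ssdeep is omitted because it needs a third-party library; and every sample input is constructed, not one of the dropped files.

```python
"""Recompute the per-file columns of a sandbox dropped-file table.

Added example, not Joe Sandbox code. ENCRYPTED_THRESHOLD and sniff_type()
are assumptions; the sample inputs below are constructed.
"""
import hashlib
import math
from collections import Counter

# Assumed cutoff (not published by the vendor): any value between 7.25 and
# 7.99 reproduces the Encrypted flags shown on this page.
ENCRYPTED_THRESHOLD = 7.9


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant stream, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def flag_encrypted(entropy: float) -> bool:
    """Apply the assumed cutoff that stands in for the report's Encrypted column."""
    return entropy >= ENCRYPTED_THRESHOLD


def sniff_type(data: bytes) -> str:
    """Magic-byte check for the container types seen in this table
    (assumed wording, approximating what libmagic prints)."""
    if data.startswith(b"PK\x03\x04"):
        return "Zip archive data"
    if len(data) >= 12 and data[4:8] == b"ftyp":
        return "ISO Media, MP4 Base Media"
    if data.startswith(b"\x00\x00\x01\x00"):
        return "MS Windows icon resource"
    return "data"


def profile(data: bytes) -> dict:
    """Build one record using the same key names the table uses."""
    ent = shannon_entropy_8bit(data)
    return {
        "File Type": sniff_type(data),
        "Size (bytes)": len(data),
        "Entropy (8bit)": ent,
        "Encrypted": flag_encrypted(ent),
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


# Constructed samples (not the dropped files from the report).
SAMPLES = {
    "zeros.bin": bytes(4096),                           # constant -> entropy 0.0
    "uniform.bin": bytes(range(256)) * 16,              # every byte equally likely -> 8.0
    "fake.zip": b"PK\x03\x04" + bytes(range(256)) * 4,  # zip magic + high-entropy body
    "fake.mp4": b"\x00\x00\x00\x1cftypisom" + bytes(64),
}


if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        rec = profile(blob)
        print(f"{name}: {rec['File Type']}, {rec['Size (bytes)']} bytes, "
              f"entropy {rec['Entropy (8bit)']:.4f}, Encrypted={rec['Encrypted']}, "
              f"SHA-256={rec['SHA-256']}")
```

Compare the SHA-256 from profile() against the SHA-256 row for the same file; a deflate-compressed archive such as the 453023-byte zip above lands near 8.0 bits per byte whether or not it is actually encrypted, so treat the Encrypted flag as a compression/packing hint rather than proof of a cipher.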
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):5488
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.3194293230606373
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:48:0bdGUUgdw4MzCbdGY6Bdw4cMbdGYadw4+1:2Kj
                                                                                                                                                                                                                                                                                                                                                                    MD5:F6163F72637A3BFFA5D01B9E34C3E1F5
                                                                                                                                                                                                                                                                                                                                                                    SHA1:771AFC6A080078B1EAA9720AB953FD771C60C1F8
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:59A2D04D7E92A3BAD6C2F12AB15C01019174D8BA54DC0B6E5FBE4C3A09385A1C
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:E550F2C581A65B15E6A4C72C7F696C5FBB6EBF3AB32A9162C8B0124D89E6DF644C8128A7723D6054B3BD8B7A18D16457C75638BB005788EC594C51C2123F2D24
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:...................................FL..................F.@.. ...p............R..........S...........................P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y..............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y................................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z...........7p.......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):5488
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.3194293230606373
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:48:0bdGUUgdw4MzCbdGY6Bdw4cMbdGYadw4+1:2Kj
                                                                                                                                                                                                                                                                                                                                                                    MD5:F6163F72637A3BFFA5D01B9E34C3E1F5
                                                                                                                                                                                                                                                                                                                                                                    SHA1:771AFC6A080078B1EAA9720AB953FD771C60C1F8
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:59A2D04D7E92A3BAD6C2F12AB15C01019174D8BA54DC0B6E5FBE4C3A09385A1C
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:E550F2C581A65B15E6A4C72C7F696C5FBB6EBF3AB32A9162C8B0124D89E6DF644C8128A7723D6054B3BD8B7A18D16457C75638BB005788EC594C51C2123F2D24
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:...................................FL..................F.@.. ...p............R..........S...........................P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y..............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y................................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z...........7p.......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4419
Entropy (8bit):4.937705199883704
Encrypted:false
SSDEEP:96:gjziNFS+O2PUFzOdwNIOd8jvYRGrLgqm8P:gjziNFS+OyUxOdwiOd8jTLgqm8P
MD5:C15391BF984EF91E226E0BA220310779
SHA1:F5F8D5B52ADCAB291A0242EFF60C9DD23B7A589E
SHA-256:5F50A4EFBD4B198938A8B711FA7DD2FC61E40242F14789C568B9F76F47D9CD7F
SHA-512:8B8FAEB398A5390BAFACE1086EF8FD031264A9C9CB247EF4E09B5F24BE25844306A39B06EA3BDBA99B617B7222093123ED1F20E94F10362B6C491F24BFFA2C4A
Malicious:false
Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"treatment-a","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"enableBookmarksToolbar":"always"},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"22cb469c-1a0f-4c4f-8465-adc25b4d990d","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T09:51:32.910Z","featureIds":["bookmarks"],"prefs":[{"name":"browser.toolbars.bookmarks.visibility","branch":"user","featureId":"bookmarks","variable":"enableBookmarksToolbar","originalValue":null}],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-s
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 23432 bytes
Category:dropped
Size (bytes):5321
Entropy (8bit):6.616950216416023
Encrypted:false
SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2Xb:VTx2x2t0FDJ4NpwZMd0EJwq
MD5:E1518C2B2784D504C84C175662D1EF14
SHA1:A3F4A3BD1C7F48BF4743BB3D1D3FED577D64D83B
SHA-256:C807EF41D3523DFDB6CFC7CE39802775C41D527EE6E392251ED722C8AA53E89C
SHA-512:37A02E4A3082DF419A0D7A8D48DC2997347B6F7D79142D0097D6B4B3FFE7AD646EF4C0B0E8D7171C871A163A25913F5F71E11467037290C980428ED9B1FC1B7D
Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:C807EF41D3523DFDB6CFC7CE39802775C41D527EE6E392251ED722C8AA53E89C
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:37A02E4A3082DF419A0D7A8D48DC2997347B6F7D79142D0097D6B4B3FFE7AD646EF4C0B0E8D7171C871A163A25913F5F71E11467037290C980428ED9B1FC1B7D
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                    MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                    SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                    MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                    SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                                    MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                                    SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                    MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                    SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                    MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.188139169100479
Encrypted:false
SSDEEP:768:Y8I4ovfnXg4p6z4d4fv4A4RYhvMM4lV4PX4P45I464x:366vM0
MD5:83BB625BB55A7C6258C8A955E9355247
SHA1:F471A0899DA8F9D1891FE84EEE57F49A483BD354
SHA-256:43EDDA472C6BF4E1D8930DE16766D904D45CFAB872BE0EFD34A97C9A7FF6C2F1
SHA-512:5DFB70D3E2766CC995FA5376BDC80695240F110D50796264F94DC8F4BBD57C284062DDC5B175F77BE81F10E3222132A77E4A904E44A358F1CFBADD5DBFD14B9E
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{00c60170-fd9d-4229-8c0b-f2fb3c217cc3}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: gTU8ed4669.exe, Detection: malicious
• Filename: gTU8ed4669.exe, Detection: malicious
• Filename: ghostspider.7z, Detection: malicious
• Filename: do.ps1, Detection: malicious
• Filename: , Detection: malicious
• Filename: tightvnc-2.8.59-gpl-setup-64bit.msi, Detection: malicious
• Filename: kjDPynh9vQ.exe, Detection: malicious
• Filename: kjDPynh9vQ.exe, Detection: malicious
• Filename: fNlxQP0jBz.exe, Detection: malicious
                                                                                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                    • Filename: gTU8ed4669.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                    • Filename: gTU8ed4669.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                    • Filename: ghostspider.7z, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                    • Filename: do.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                    • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                    • Filename: tightvnc-2.8.59-gpl-setup-64bit.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                    • Filename: kjDPynh9vQ.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                    • Filename: kjDPynh9vQ.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                    • Filename: fNlxQP0jBz.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                    MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                    SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                    MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                    SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.07335023263500667
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiv/:DLhesh7Owd4+jiv/
                                                                                                                                                                                                                                                                                                                                                                    MD5:C5CAED5052995905FF151966194035EF
                                                                                                                                                                                                                                                                                                                                                                    SHA1:11C412C0FBB01B95D82D57A4A9E35389116AA1BF
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:E4CEF4C7B58698244B0BB9291868334D4FA3B703BD995194E94150B4485691FF
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:9CF8041AC50D8E50B2CBBC57318E97D38A2E8A2F504E1EAA280E6B901BC2DEE847571037421230FBE750602E84A63E14DF375C0F98C1CD399D3BBE281F3F3AD7
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
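The File Type line above is libmagic's reading of the first 100 bytes of the dropped database, and the "SQLite Write-Ahead Log, version 3007000" line further down in this report is its reading of a 32-byte WAL header. When triaging a sandbox report it is worth reproducing those readings, and the "Entropy (8bit)" figure, from your own copy of the dropped file. The following is an added example, not code from the Joe Sandbox report; it follows the published SQLite file-format layout, and the SAMPLE_* headers are constructed here to reproduce the values in the record above (the WAL page size and salts are assumed values), not bytes taken from the analysed files.

```python
import math
import struct
from collections import Counter

SQLITE_MAGIC = b"SQLite format 3\x00"
WAL_MAGICS = (0x377F0682, 0x377F0683)          # little- / big-endian checksum variants
TEXT_ENCODINGS = {1: "UTF-8", 2: "UTF-16le", 3: "UTF-16be"}


def parse_sqlite_header(data: bytes) -> dict:
    """Decode the fields of the 100-byte SQLite 3 file header (all big-endian)."""
    if len(data) < 100 or data[:16] != SQLITE_MAGIC:
        raise ValueError("not an SQLite 3 database header")
    page_size = struct.unpack(">H", data[16:18])[0]
    if page_size == 1:                          # the value 1 encodes a 65536-byte page
        page_size = 65536
    (change_counter, db_pages, _freelist_trunk, _freelist_count,
     schema_cookie, schema_format, _cache_size, _largest_root,
     text_encoding, user_version) = struct.unpack(">10I", data[24:64])
    version_valid_for, sqlite_version = struct.unpack(">2I", data[92:100])
    return {
        "page_size": page_size,
        "file_counter": change_counter,         # libmagic calls the change counter "file counter"
        "database_pages": db_pages,
        "schema_cookie": schema_cookie,
        "schema_format": schema_format,
        "text_encoding": TEXT_ENCODINGS.get(text_encoding, f"unknown({text_encoding})"),
        "user_version": user_version,
        "version_valid_for": version_valid_for,
        "sqlite_version": sqlite_version,
    }


def describe_sqlite(data: bytes) -> str:
    """Render the header in the same form as the report's File Type line."""
    h = parse_sqlite_header(data)
    return (f"SQLite 3.x database, user version {h['user_version']}, "
            f"last written using SQLite version {h['sqlite_version']}, "
            f"page size {h['page_size']}, file counter {h['file_counter']}, "
            f"database pages {h['database_pages']}, cookie {h['schema_cookie']:#x}, "
            f"schema {h['schema_format']}, {h['text_encoding']}, "
            f"version-valid-for {h['version_valid_for']}")


def parse_wal_header(data: bytes) -> dict:
    """Decode the 32-byte header of an SQLite write-ahead log."""
    if len(data) < 32:
        raise ValueError("too short for a WAL header")
    magic, fmt_version, page_size, ckpt_seq, salt1, salt2, ck1, ck2 = struct.unpack(">8I", data[:32])
    if magic not in WAL_MAGICS:
        raise ValueError("not an SQLite WAL header")
    return {
        "format_version": fmt_version,          # 3007000 for the current WAL format
        "page_size": page_size,                 # must equal the database's page size
        "checkpoint_seq": ckpt_seq,
        "salt": (salt1, salt2),
        "checksum": (ck1, ck2),
        "big_endian_checksums": magic == 0x377F0683,
    }


def describe_wal(data: bytes) -> str:
    return f"SQLite Write-Ahead Log, version {parse_wal_header(data)['format_version']}"


def shannon_entropy_8bit(data: bytes) -> float:
    """Bits per byte, the 'Entropy (8bit)' figure shown next to each dropped file."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_sqlite_header(**f) -> bytes:
    """Constructed header for testing; mirrors decoded values, not real dropped-file bytes."""
    hdr = bytearray(100)
    hdr[:16] = SQLITE_MAGIC
    struct.pack_into(">H", hdr, 16, f["page_size"])
    hdr[18:24] = bytes([1, 1, 0, 64, 32, 32])   # write/read version, reserved, payload fractions
    struct.pack_into(">10I", hdr, 24, f["file_counter"], f["database_pages"], 0, 0,
                     f["schema_cookie"], f["schema_format"], 0, 0, 1, f["user_version"])
    struct.pack_into(">2I", hdr, 92, f["version_valid_for"], f["sqlite_version"])
    return bytes(hdr)


# Constructed samples (not the dropped files themselves) reproducing the report's File Type lines.
SAMPLE_SQLITE_HEADER = build_sqlite_header(page_size=32768, file_counter=4, database_pages=3,
                                           schema_cookie=2, schema_format=4, user_version=12,
                                           version_valid_for=4, sqlite_version=3042000)
SAMPLE_WAL_HEADER = struct.pack(">8I", 0x377F0683, 3007000, 32768, 0,   # assumed page size/salts
                                0x11223344, 0x55667788, 0, 0)

if __name__ == "__main__":
    print(describe_sqlite(SAMPLE_SQLITE_HEADER))
    print(describe_wal(SAMPLE_WAL_HEADER))
    print(round(shannon_entropy_8bit(SAMPLE_SQLITE_HEADER), 3))
```

On a copy of the dropped file, `describe_sqlite(open(path, "rb").read(100))` should reproduce the report's line exactly; a WAL whose decoded page size differs from its database's is a reason to look closer. The 0.07 entropy of the 98304-byte database above is what a mostly zero-filled page file looks like, which is why the report leaves Encrypted at false.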
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.03960322595581722
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:GHlhVMt4YR4dtbfItHlhVMt4YR4dtbVllwl8a9//Ylll4llqlyllel4lt:G7VMtCdxfIt7VMtCdxVoL9XIwlio
                                                                                                                                                                                                                                                                                                                                                                    MD5:1EE5661400A583B5E5F0CB9F1D1F29AD
                                                                                                                                                                                                                                                                                                                                                                    SHA1:DF69CFB244D836EACF3183BF30BC51C886F211E7
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:C0E62265EB6A4235DA398BA1695D3FA6FFF2F674035544513F1DAC704228D891
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:657C5763AB84BC5EA966F1D3AF8C756E0A2CEA009CEA44264C94A451DCF129304E644636202D29AE13ECFD95DEB3E4E9D98AE370F8310292F0E6B9A4E8C1F09B
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:..-......................fUi]+.4]..F`..G.lS...{..-......................fUi]+.4]..F`..G.lS...{........................................................'...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: SQLite Write-Ahead Log, version 3007000
Category: dropped
Size (bytes): 163992
Entropy (8bit): 0.11795153269099022
Encrypted: false
SSDEEP: 24:KaSXfk3WyLxsZ+suBjxsMlIAUCFwWUC8sCCQE/kKC8wCUOxsaWD0wldVZ2i7+:jSXM3WeQ9uPJ7KW4jRW/V6NtZk
MD5: D1D131B7EA4CE161E4C0402DD7D67D1F
SHA1: 43A4773491449F75EAAB33FCCD9F84D84B1BF81A
SHA-256: 4CB1050A281D18B15E24A322333E7D6CCCA80479F9A323B6131AB82935065CD9
SHA-512: BE3D497E1B2D2C71E0378BEC40DA0426E2B7E2423CD295A1FE497E25C0A3F934333A6BD43B8573942A6CA926CDA9263571872BF7CACBE85B121CD9ECFCCC245D
Malicious: false
                                                                                                                                                                                                                                                                                                                                                                    Preview:7....-..........]..F`.....p..u........]..F`...2..h..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ASCII text, with very long lines (1808), with CRLF line terminators
Category: dropped
Size (bytes): 14172
Entropy (8bit): 5.464062077923894
Encrypted: false
SSDEEP: 192:UnBRNZ3YbBp6AR1+PaXJ6/x8lWBz9/3/71p5RHNBw8dMSl:ke310/xz99PPw30
MD5: A745F07BAE45855755E0733C031D1315
SHA1: 717425497CD7041B0C1988D15BE67423CE14E0F3
SHA-256: E985FE054DC1C511D0F35EC965B1C90FB7DE580B187A88741152D593089C81C2
SHA-512: 8BABCDF655DA744421C57CBEAF2473D4288A0587FD7AB8DBA57B24C7A08B3E4D4712B720086AC1CE03B7B22C0ED3B2564F47EB4AE25238FA4EC352973306787F
Malicious: false
Preview: // Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "ecedec8f-7097-47fc-a9e3-d74f0c8e2503");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734716715);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734716715);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734716715);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173471

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.04062825861060003
Encrypted: false
SSDEEP: 3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
MD5: 60C09456D6362C6FBED48C69AA342C3C
SHA1: 58B6E22DAA48C75958B429F662DEC1C011AE74D3
SHA-256: FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
SHA-512: 936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
Malicious: false
                                                                                                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 493
Entropy (8bit): 4.948537956225862
Encrypted: false
SSDEEP: 12:YZFgoWIE2VSTZDrrDIVHlW8cOlZGV1AQIYzvZcyBuLZZhX:YYkcrSlCOlZGV1AQIWZcy6ZZB
MD5: DEFAE4436E1D4F11F092314B28E2C629
SHA1: 3CA2C3830D01C88902B177382D29CC3124B76714
SHA-256: D0D99CF5568828FE03B2EF6F3F15D88D86DCA56ACF48AA4B148CD3806B1A96B3
SHA-512: CD1A44B7CF70787308E11AB5D8C802E748CD339C1D9EA128FB41D318167D0447BCCAEE74D34DA4A6C67E92255DE8CEA9ED429B189131FE272C0A87D1F813FE3C
Malicious: false
Preview: {"type":"health","id":"27eeee94-1d33-48e7-876a-0928e0b07a44","creationDate":"2024-12-20T17:45:47.159Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"c52d5856-ece5-494f-aabd-86188f9ce2c7"}
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:{"type":"health","id":"27eeee94-1d33-48e7-876a-0928e0b07a44","creationDate":"2024-12-20T17:45:47.159Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"c52d5856-ece5-494f-aabd-86188f9ce2c7"}
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                    MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                    SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                    MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                    SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1575
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.346767016028729
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:v+USUGlcAxSgGLXnIgV4/pnxQwRlszT5sB09U3eHVFseKuOyamhuj3IOuSEUm0WN:GUpOx0enR61U3eHOy4YrSuN
                                                                                                                                                                                                                                                                                                                                                                    MD5:BAE24BAE0C024DC48C7306D3CB902100
                                                                                                                                                                                                                                                                                                                                                                    SHA1:2D7E7BC6864F0094E5987012153872F7946821AC
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:F34F5376FB40A5C7C4942CAAEF9ABE80F4D906335DAB10B035D4D681D85EAB72
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:4B4E7186C945C4F022BD76D38B6A31A69A611A4A5FAAD325045F9F2AFC3BC45312E8CD2E0FE699DE0782AF94D352FE4F6E2BD5CD724F7BCD5A3379C1406E0875
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{0836e6a3-566f-482f-acb0-ebe55bf17f3a}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1734716719845,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...f44a76a6-556e-4dc8-8bf2-cf26f02d08a[..zD..1...Wm..l........j..:....1":{..jUpdate...6,"startTim..`685144...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A93e1b9c34761ff8e8daa914c9d20b354e9b09a60c2e612021388b36b843ead3e","path":"/","na..`"taarI!.bsecure...,`.Donly..eexpiry..@6899..xoriginA..
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1575
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.346767016028729
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:v+USUGlcAxSgGLXnIgV4/pnxQwRlszT5sB09U3eHVFseKuOyamhuj3IOuSEUm0WN:GUpOx0enR61U3eHOy4YrSuN
                                                                                                                                                                                                                                                                                                                                                                    MD5:BAE24BAE0C024DC48C7306D3CB902100
                                                                                                                                                                                                                                                                                                                                                                    SHA1:2D7E7BC6864F0094E5987012153872F7946821AC
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:F34F5376FB40A5C7C4942CAAEF9ABE80F4D906335DAB10B035D4D681D85EAB72
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:4B4E7186C945C4F022BD76D38B6A31A69A611A4A5FAAD325045F9F2AFC3BC45312E8CD2E0FE699DE0782AF94D352FE4F6E2BD5CD724F7BCD5A3379C1406E0875
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{0836e6a3-566f-482f-acb0-ebe55bf17f3a}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1734716719845,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...f44a76a6-556e-4dc8-8bf2-cf26f02d08a[..zD..1...Wm..l........j..:....1":{..jUpdate...6,"startTim..`685144...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A93e1b9c34761ff8e8daa914c9d20b354e9b09a60c2e612021388b36b843ead3e","path":"/","na..`"taarI!.bsecure...,`.Donly..eexpiry..@6899..xoriginA..
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1575
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.346767016028729
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:v+USUGlcAxSgGLXnIgV4/pnxQwRlszT5sB09U3eHVFseKuOyamhuj3IOuSEUm0WN:GUpOx0enR61U3eHOy4YrSuN
                                                                                                                                                                                                                                                                                                                                                                    MD5:BAE24BAE0C024DC48C7306D3CB902100
                                                                                                                                                                                                                                                                                                                                                                    SHA1:2D7E7BC6864F0094E5987012153872F7946821AC
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:F34F5376FB40A5C7C4942CAAEF9ABE80F4D906335DAB10B035D4D681D85EAB72
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:4B4E7186C945C4F022BD76D38B6A31A69A611A4A5FAAD325045F9F2AFC3BC45312E8CD2E0FE699DE0782AF94D352FE4F6E2BD5CD724F7BCD5A3379C1406E0875
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{0836e6a3-566f-482f-acb0-ebe55bf17f3a}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1734716719845,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...f44a76a6-556e-4dc8-8bf2-cf26f02d08a[..zD..1...Wm..l........j..:....1":{..jUpdate...6,"startTim..`685144...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A93e1b9c34761ff8e8daa914c9d20b354e9b09a60c2e612021388b36b843ead3e","path":"/","na..`"taarI!.bsecure...,`.Donly..eexpiry..@6899..xoriginA..
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):4096
Entropy (8bit):2.0836444556178684
Encrypted:false
SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
MD5:8B40B1534FF0F4B533AF767EB5639A05
SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4537
Entropy (8bit):5.030608420448174
Encrypted:false
SSDEEP:96:yc0NTEr5V/F/4U2zzcbvbw6KkOrc2Rn27:iTEr5VN/4U2z1phRe
MD5:4FAE64EB77AE019236A0D806393D902F
SHA1:81D40F696627CE7B294A90795F3BB4F0BBD87559
SHA-256:B8D1FC6086BD3F6E1B75319F3F299E0B09A2716BED3DE0786FBAA83572776106
SHA-512:C6C78DADEBA8CDD85342ACDDF6204AD22A6DDA3F00F1AD16DF4EEBF7931D8D14ED9859DCB4154B4F3CE9A76101D85152C00D67DC83A925EDF2725C0CA0724A5C
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-20T17:44:59.851Z","profileAgeCreated":1696499488915,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4537
Entropy (8bit):5.030608420448174
Encrypted:false
SSDEEP:96:yc0NTEr5V/F/4U2zzcbvbw6KkOrc2Rn27:iTEr5VN/4U2z1phRe
MD5:4FAE64EB77AE019236A0D806393D902F
SHA1:81D40F696627CE7B294A90795F3BB4F0BBD87559
SHA-256:B8D1FC6086BD3F6E1B75319F3F299E0B09A2716BED3DE0786FBAA83572776106
SHA-512:C6C78DADEBA8CDD85342ACDDF6204AD22A6DDA3F00F1AD16DF4EEBF7931D8D14ED9859DCB4154B4F3CE9A76101D85152C00D67DC83A925EDF2725C0CA0724A5C
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-20T17:44:59.851Z","profileAgeCreated":1696499488915,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.698948612887414
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:nM0h824cc3.exe
File size:968'192 bytes
MD5:44a8228720ef89ddef7843dd2093fa37
SHA1:4287d9be9e21bb2ff2c1d9a8ae7e82da87bc993d
SHA256:eab8ff0d42ac0cf7dc6664b52e6fb6a5889576b96e74328da78b1263f97214ab
SHA512:968ae49ca5b3687440f54b54ac1fa8b8e4ee62aeb88818b0c083326eb224945becdaebf148da1acc52f8e1e160e2a0bf7b5bd6123fcd0d2977c59e794aa68af0
SSDEEP:24576:CqDEvCTbMWu7rQYlBQcBiT6rprG8alRe:CTvC/MTQYxsWR7al
TLSH:C0259E0273D1C062FFAB92334B5AF6515BBC69260123E62F13981D79BE701B1563E7A3
File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
Icon Hash:aaf3e3e3938382a0
Entrypoint:0x420577
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:0x6764364F [Thu Dec 19 15:05:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:948cc502fe9226992dce9417f952fce3
Instruction
call 00007F23C4AF6A83h
jmp 00007F23C4AF638Fh
push ebp
mov ebp, esp
push esi
                                                                                                                                                                                                                                                                                                                                                                    push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                    call 00007F23C4AF656Dh
                                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                                    mov eax, esi
                                                                                                                                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                    mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                                                                                    push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                    call 00007F23C4AF653Ah
                                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                                    mov eax, esi
                                                                                                                                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                    mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx+04h], 0049FE14h
                                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                    lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                                    and dword ptr [eax], 00000000h
                                                                                                                                                                                                                                                                                                                                                                    and dword ptr [eax+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                                                                                                                    mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                                    add eax, 04h
                                                                                                                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                                                                                                                    call 00007F23C4AF912Dh
                                                                                                                                                                                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                                                                                                                                                                                    mov eax, esi
                                                                                                                                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                                                                                                                                                    lea eax, dword ptr [ecx+04h]
                                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                                                                                                                    call 00007F23C4AF9178h
                                                                                                                                                                                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                    lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                                                                                                                    call 00007F23C4AF9161h
                                                                                                                                                                                                                                                                                                                                                                    test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                                                                                                                                                                                                    pop ecx
                                                                                                                                                                                                                                                                                                                                                                    Programming Language:
                                                                                                                                                                                                                                                                                                                                                                    • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                                                                                                    • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xc8e640x17c.rdata
                                                                                                                                                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xd40000x15bd0.rsrc
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xea000 | 0x7594 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xd4000 | 0x15bd0 | 0x15c00 | b8b49be97cd75859ead22c7ad52e693e | False | 0.6970186781609196 | data | 7.143857732961005 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xea000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_ICON | 0xd45f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xd4718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xd4840 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xd4968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
| RT_ICON | 0xd4c50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
| RT_ICON | 0xd4d78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
| RT_ICON | 0xd5c20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
| RT_ICON | 0xd64c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
| RT_ICON | 0xd6a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
| RT_ICON | 0xd8fd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
| RT_ICON | 0xda080 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
| RT_MENU | 0xda4e8 | 0x50 | data | English | Great Britain | 0.9 |
| RT_DIALOG | 0xda538 | 0xfc | data | English | Great Britain | 0.6507936507936508 |
| RT_STRING | 0xda634 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0xdabc8 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
| RT_STRING | 0xdb254 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0xdb6e4 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0xdbce0 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0xdc33c | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0xdc7a4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0xdc8fc | 0xcd54 | data | | | 1.0004946351114832 |
| RT_GROUP_ICON | 0xe9650 | 0x76 | data | English | Great Britain | 0.6610169491525424 |
| RT_GROUP_ICON | 0xe96c8 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0xe96dc | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0xe96f0 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0xe9704 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0xe97e0 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
                                                                                                                                                                                                                                                                                                                                                                    DLLImport
                                                                                                                                                                                                                                                                                                                                                                    WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                                                                                                                                                                                                                                                                                                                                                                    VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                                                                                                                                                                                                                                                                                                                                    WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                                                                                                                                                                                                                                                                                                    COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                                                                                                                                                                                                                                                                                                                                    MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                                                                                                                                                                                                                                                                                                                                                                    WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                                                                                                                                                                                                                                                                                                                                                    PSAPI.DLLGetProcessMemoryInfo
                                                                                                                                                                                                                                                                                                                                                                    IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                                                                                                                                                                                                                                                                                                                                                    USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                                                                                                                                                                                                                                                                                                                                                    UxTheme.dllIsThemeActive
                                                                                                                                                                                                                                                                                                                                                                    KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, 
SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
                                                                                                                                                                                                                                                                                                                                                                    USER32.dllGetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, 
CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
                                                                                                                                                                                                                                                                                                                                                                    GDI32.dllEndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll: GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll: DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll: CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
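The import rows above are worth more than a glance: the ADVAPI32 set alone covers token privilege adjustment, logon-and-run-as-user, an Administrators-group membership check, DACL construction, remote registry access and system shutdown. As an added triage example (this editor's code, not part of the report or of Joe Sandbox), the following script parses the rows back into per-DLL lists and matches them against a few capability rules keyed on API combinations rather than single names. The rule names and descriptions are this example's own approximations of the kind of tags a capability scanner emits; the service-installation rule is included deliberately as a negative case that should not fire on this sample.

```python
import re

# The five import-table rows from this report, in the fused form the page renders
# them (DLL name runs straight into the first function name).
IMPORT_ROWS = [
    "COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW",
    "ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW",
    "SHELL32.dllDragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW",
    "ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket",
    "OLEAUT32.dllCreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture",
]

# A DLL name cannot contain '.', so the first ".dll" reliably ends the module name.
ROW_RE = re.compile(r"^(?P<dll>[\w\-]+\.dll)(?P<funcs>.*)$", re.IGNORECASE)


def parse_import_rows(rows):
    """Return {dll_lowercase: [function, ...]} from the fused report rows."""
    imports = {}
    for row in rows:
        m = ROW_RE.match(row.strip())
        if not m:
            raise ValueError(f"not an import row: {row[:40]!r}")
        funcs = [f.strip() for f in m["funcs"].split(",") if f.strip()]
        imports[m["dll"].lower()] = funcs
    return imports


# Capability rules (this example's own): every API in `need_all` must be imported,
# and at least one of `need_any` when that set is non-empty. Matching on the
# combination, not on one name, keeps e.g. RegCloseKey alone from raising a flag.
RULES = [
    ("enable-token-privileges", {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"}, set(),
     "enables additional privileges on its own access token"),
    ("create-process-as-other-user", {"LogonUserW"}, {"CreateProcessAsUserW", "CreateProcessWithLogonW"},
     "authenticates with a username/password and launches a process as that account"),
    ("is-admin-check", {"AllocateAndInitializeSid", "CheckTokenMembership", "FreeSid"}, set(),
     "tests whether the current token is a member of a well-known group such as Administrators"),
    ("rewrite-dacl", {"InitializeSecurityDescriptor", "InitializeAcl", "AddAce", "SetSecurityDescriptorDacl"}, set(),
     "builds a security descriptor from scratch, e.g. to loosen permissions on an object"),
    ("registry-write-delete", {"RegSetValueExW", "RegDeleteKeyW", "RegDeleteValueW"}, {"RegCreateKeyExW", "RegOpenKeyExW"},
     "creates, modifies and deletes registry keys and values"),
    ("remote-registry", {"RegConnectRegistryW"}, set(), "opens the registry of a remote machine"),
    ("system-shutdown", {"InitiateSystemShutdownExW"}, set(), "can reboot or shut down the host"),
    ("dcom-remote-activation", {"CoInitializeSecurity", "CoCreateInstanceEx", "CoSetProxyBlanket"}, set(),
     "activates COM objects with explicit server info and proxy security, the pattern used for remote DCOM"),
    ("service-install", {"OpenSCManagerW", "CreateServiceW"}, set(), "installs a Windows service"),  # absent here
]


def evaluate(imports):
    """Return [(rule, description, matched_apis)] for every rule whose APIs are all present."""
    present = {f for funcs in imports.values() for f in funcs}
    hits = []
    for name, need_all, need_any, desc in RULES:
        if need_all <= present and (not need_any or need_any & present):
            hits.append((name, desc, sorted((need_all | need_any) & present)))
    return hits


def where(imports, func):
    """DLLs through which a function is imported (useful when pivoting in a disassembler)."""
    return [dll for dll, funcs in imports.items() if func in funcs]


if __name__ == "__main__":
    imports = parse_import_rows(IMPORT_ROWS)
    for rule, desc, apis in evaluate(imports):
        print(f"{rule:30} {desc}\n{'':30} via {', '.join(apis)}")
```

Static imports describe what the embedded runtime can do, not what this particular sample does with it: a compiled AutoIt binary carries the interpreter's full import table, so every AutoIt-compiled sample trips the same rules. Treat these hits as a prompt to read the behavioural sections of the report, not as findings in themselves.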
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 20, 2024 17:13:18.996252060 CET  49727        443        192.168.2.10     35.190.72.216
Dec 20, 2024 17:13:18.996298075 CET  443          49727      35.190.72.216    192.168.2.10
Dec 20, 2024 17:13:18.996548891 CET  49727        443        192.168.2.10     35.190.72.216
Dec 20, 2024 17:13:19.001420021 CET  49727        443        192.168.2.10     35.190.72.216
Dec 20, 2024 17:13:19.001435995 CET  443          49727      35.190.72.216    192.168.2.10
Dec 20, 2024 17:13:19.001849890 CET  49728        443        192.168.2.10     142.250.181.110
Dec 20, 2024 17:13:19.001908064 CET  443          49728      142.250.181.110  192.168.2.10
Dec 20, 2024 17:13:19.001981020 CET  49729        443        192.168.2.10     142.250.181.110
Dec 20, 2024 17:13:19.002017975 CET  443          49729      142.250.181.110  192.168.2.10
Dec 20, 2024 17:13:19.002069950 CET  49730        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:19.002171040 CET  49728        443        192.168.2.10     142.250.181.110
Dec 20, 2024 17:13:19.002248049 CET  49729        443        192.168.2.10     142.250.181.110
Dec 20, 2024 17:13:19.003628016 CET  49728        443        192.168.2.10     142.250.181.110
Dec 20, 2024 17:13:19.003664970 CET  443          49728      142.250.181.110  192.168.2.10
Dec 20, 2024 17:13:19.004992008 CET  49729        443        192.168.2.10     142.250.181.110
Dec 20, 2024 17:13:19.005008936 CET  443          49729      142.250.181.110  192.168.2.10
Dec 20, 2024 17:13:19.122694016 CET  80           49730      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:19.122873068 CET  49730        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:19.123024940 CET  49730        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:19.242471933 CET  80           49730      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:19.402085066 CET  49731        443        192.168.2.10     34.117.188.166
Dec 20, 2024 17:13:19.402129889 CET  443          49731      34.117.188.166   192.168.2.10
Dec 20, 2024 17:13:19.407077074 CET  49731        443        192.168.2.10     34.117.188.166
Dec 20, 2024 17:13:19.408780098 CET  49731        443        192.168.2.10     34.117.188.166
Dec 20, 2024 17:13:19.408802032 CET  443          49731      34.117.188.166   192.168.2.10
Dec 20, 2024 17:13:19.555850029 CET  49732        443        192.168.2.10     34.117.188.166
Dec 20, 2024 17:13:19.555896044 CET  443          49732      34.117.188.166   192.168.2.10
Dec 20, 2024 17:13:19.556334972 CET  49732        443        192.168.2.10     34.117.188.166
Dec 20, 2024 17:13:19.557816982 CET  49732        443        192.168.2.10     34.117.188.166
Dec 20, 2024 17:13:19.557835102 CET  443          49732      34.117.188.166   192.168.2.10
Dec 20, 2024 17:13:19.558198929 CET  49733        443        192.168.2.10     35.244.181.201
Dec 20, 2024 17:13:19.558207989 CET  443          49733      35.244.181.201   192.168.2.10
Dec 20, 2024 17:13:19.558319092 CET  49733        443        192.168.2.10     35.244.181.201
Dec 20, 2024 17:13:19.558454037 CET  49733        443        192.168.2.10     35.244.181.201
Dec 20, 2024 17:13:19.558465958 CET  443          49733      35.244.181.201   192.168.2.10
Dec 20, 2024 17:13:19.608845949 CET  49734        443        192.168.2.10     34.160.144.191
Dec 20, 2024 17:13:19.608894110 CET  443          49734      34.160.144.191   192.168.2.10
Dec 20, 2024 17:13:19.623224020 CET  49734        443        192.168.2.10     34.160.144.191
Dec 20, 2024 17:13:19.623651028 CET  49734        443        192.168.2.10     34.160.144.191
Dec 20, 2024 17:13:19.623666048 CET  443          49734      34.160.144.191   192.168.2.10
Dec 20, 2024 17:13:20.211453915 CET  80           49730      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:20.220366001 CET  443          49727      35.190.72.216    192.168.2.10
Dec 20, 2024 17:13:20.221268892 CET  49727        443        192.168.2.10     35.190.72.216
Dec 20, 2024 17:13:20.263067961 CET  49730        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:20.492829084 CET  49727        443        192.168.2.10     35.190.72.216
Dec 20, 2024 17:13:20.492856026 CET  443          49727      35.190.72.216    192.168.2.10
Dec 20, 2024 17:13:20.492953062 CET  49727        443        192.168.2.10     35.190.72.216
Dec 20, 2024 17:13:20.493087053 CET  443          49727      35.190.72.216    192.168.2.10
Dec 20, 2024 17:13:20.494990110 CET  49727        443        192.168.2.10     35.190.72.216
Dec 20, 2024 17:13:20.632738113 CET  443          49731      34.117.188.166   192.168.2.10
Dec 20, 2024 17:13:20.633172035 CET  49731        443        192.168.2.10     34.117.188.166
Dec 20, 2024 17:13:20.637953043 CET  49731        443        192.168.2.10     34.117.188.166
Dec 20, 2024 17:13:20.637964010 CET  443          49731      34.117.188.166   192.168.2.10
Dec 20, 2024 17:13:20.638030052 CET  49731        443        192.168.2.10     34.117.188.166
Dec 20, 2024 17:13:20.638153076 CET  443          49731      34.117.188.166   192.168.2.10
Dec 20, 2024 17:13:20.638257027 CET  49731        443        192.168.2.10     34.117.188.166
Dec 20, 2024 17:13:20.638421059 CET  49735        443        192.168.2.10     34.117.188.166
Dec 20, 2024 17:13:20.638465881 CET  443          49735      34.117.188.166   192.168.2.10
Dec 20, 2024 17:13:20.638544083 CET  49735        443        192.168.2.10     34.117.188.166
Dec 20, 2024 17:13:20.639939070 CET  49735        443        192.168.2.10     34.117.188.166
Dec 20, 2024 17:13:20.639950037 CET  443          49735      34.117.188.166   192.168.2.10
Dec 20, 2024 17:13:20.700558901 CET  443          49729      142.250.181.110  192.168.2.10
Dec 20, 2024 17:13:20.700814009 CET  49729        443        192.168.2.10     142.250.181.110
Dec 20, 2024 17:13:20.701159954 CET  443          49728      142.250.181.110  192.168.2.10
Dec 20, 2024 17:13:20.701251984 CET  443          49729      142.250.181.110  192.168.2.10
Dec 20, 2024 17:13:20.701292038 CET  49728        443        192.168.2.10     142.250.181.110
Dec 20, 2024 17:13:20.701877117 CET  443          49728      142.250.181.110  192.168.2.10
Dec 20, 2024 17:13:20.702045918 CET  49729        443        192.168.2.10     142.250.181.110
Dec 20, 2024 17:13:20.702059984 CET  49728        443        192.168.2.10     142.250.181.110
Dec 20, 2024 17:13:20.707132101 CET  49728        443        192.168.2.10     142.250.181.110
Dec 20, 2024 17:13:20.707145929 CET  443          49728      142.250.181.110  192.168.2.10
Dec 20, 2024 17:13:20.707238913 CET  49728        443        192.168.2.10     142.250.181.110
Dec 20, 2024 17:13:20.707371950 CET  443          49728      142.250.181.110  192.168.2.10
Dec 20, 2024 17:13:20.707433939 CET  49728        443        192.168.2.10     142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.708713055 CET49729443192.168.2.10142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.708731890 CET44349729142.250.181.110192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.708789110 CET49729443192.168.2.10142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.708879948 CET44349729142.250.181.110192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.709331989 CET49729443192.168.2.10142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.777805090 CET4434973335.244.181.201192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.778559923 CET49733443192.168.2.1035.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.782636881 CET49733443192.168.2.1035.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.782649994 CET4434973335.244.181.201192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.782869101 CET4434973335.244.181.201192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.788155079 CET4434973234.117.188.166192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.789443016 CET49733443192.168.2.1035.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.789530993 CET49733443192.168.2.1035.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.789578915 CET4434973335.244.181.201192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.789776087 CET49733443192.168.2.1035.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.789807081 CET49732443192.168.2.1034.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.793888092 CET49732443192.168.2.1034.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.793895006 CET4434973234.117.188.166192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.793966055 CET49732443192.168.2.1034.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.794018030 CET4434973234.117.188.166192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.794111967 CET49732443192.168.2.1034.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.799716949 CET4973780192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.840714931 CET4434973434.160.144.191192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.840728045 CET4434973434.160.144.191192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.841021061 CET49734443192.168.2.1034.160.144.191
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.844028950 CET49734443192.168.2.1034.160.144.191
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.844048023 CET4434973434.160.144.191192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.844295025 CET4434973434.160.144.191192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.846693993 CET49734443192.168.2.1034.160.144.191
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.846806049 CET49734443192.168.2.1034.160.144.191
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.846847057 CET4434973434.160.144.191192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.847266912 CET49738443192.168.2.1034.160.144.191
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.847304106 CET4434973834.160.144.191192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.857383966 CET49734443192.168.2.1034.160.144.191
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.857383966 CET49734443192.168.2.1034.160.144.191
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.857757092 CET49738443192.168.2.1034.160.144.191
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.857757092 CET49738443192.168.2.1034.160.144.191
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.857796907 CET4434973834.160.144.191192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.920459986 CET804973734.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.927383900 CET4973780192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.927954912 CET4973780192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.047708035 CET804973734.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.094736099 CET4973080192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.205096960 CET49745443192.168.2.1034.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.205148935 CET4434974534.117.188.166192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.214519978 CET804973034.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.222687006 CET49745443192.168.2.1034.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.224144936 CET49745443192.168.2.1034.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.224158049 CET4434974534.117.188.166192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.410036087 CET804973034.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.411844969 CET4973080192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.430938005 CET4973780192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.533824921 CET804973034.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.533987999 CET4973080192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.593832016 CET804973734.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.728905916 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.819606066 CET804973734.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.826836109 CET4973780192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.848623037 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.848781109 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.848961115 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.861474991 CET4434973534.117.188.166192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.861783028 CET49735443192.168.2.1034.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.868091106 CET49735443192.168.2.1034.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.868110895 CET4434973534.117.188.166192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.868165970 CET49735443192.168.2.1034.117.188.166
Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Dec 20, 2024 17:13:21.868249893 CET  443          49735      34.117.188.166  192.168.2.10
Dec 20, 2024 17:13:21.869113922 CET  49735        443        192.168.2.10    34.117.188.166
Dec 20, 2024 17:13:21.969069004 CET  80           49746      34.107.221.82   192.168.2.10
Dec 20, 2024 17:13:22.075648069 CET  443          49738      34.160.144.191  192.168.2.10
Dec 20, 2024 17:13:22.075664997 CET  443          49738      34.160.144.191  192.168.2.10
Dec 20, 2024 17:13:22.075726986 CET  49738        443        192.168.2.10    34.160.144.191
Dec 20, 2024 17:13:22.078784943 CET  49738        443        192.168.2.10    34.160.144.191
Dec 20, 2024 17:13:22.078789949 CET  443          49738      34.160.144.191  192.168.2.10
Dec 20, 2024 17:13:22.079031944 CET  443          49738      34.160.144.191  192.168.2.10
Dec 20, 2024 17:13:22.082150936 CET  49738        443        192.168.2.10    34.160.144.191
Dec 20, 2024 17:13:22.082235098 CET  49738        443        192.168.2.10    34.160.144.191
Dec 20, 2024 17:13:22.082292080 CET  443          49738      34.160.144.191  192.168.2.10
Dec 20, 2024 17:13:22.083792925 CET  49738        443        192.168.2.10    34.160.144.191
Dec 20, 2024 17:13:22.456228971 CET  443          49745      34.117.188.166  192.168.2.10
Dec 20, 2024 17:13:22.456288099 CET  443          49745      34.117.188.166  192.168.2.10
Dec 20, 2024 17:13:22.458273888 CET  49745        443        192.168.2.10    34.117.188.166
Dec 20, 2024 17:13:22.558615923 CET  49745        443        192.168.2.10    34.117.188.166
Dec 20, 2024 17:13:22.558667898 CET  443          49745      34.117.188.166  192.168.2.10
Dec 20, 2024 17:13:22.558685064 CET  49745        443        192.168.2.10    34.117.188.166
Dec 20, 2024 17:13:22.559256077 CET  443          49745      34.117.188.166  192.168.2.10
Dec 20, 2024 17:13:22.579763889 CET  49745        443        192.168.2.10    34.117.188.166
Dec 20, 2024 17:13:22.630569935 CET  49747        443        192.168.2.10    35.244.181.201
Dec 20, 2024 17:13:22.630620956 CET  443          49747      35.244.181.201  192.168.2.10
Dec 20, 2024 17:13:22.638761044 CET  49747        443        192.168.2.10    35.244.181.201
Dec 20, 2024 17:13:22.639070988 CET  49747        443        192.168.2.10    35.244.181.201
Dec 20, 2024 17:13:22.639087915 CET  443          49747      35.244.181.201  192.168.2.10
Dec 20, 2024 17:13:22.784416914 CET  49748        80         192.168.2.10    34.107.221.82
Dec 20, 2024 17:13:22.785252094 CET  49749        443        192.168.2.10    34.107.243.93
Dec 20, 2024 17:13:22.785271883 CET  443          49749      34.107.243.93   192.168.2.10
Dec 20, 2024 17:13:22.797384024 CET  49749        443        192.168.2.10    34.107.243.93
Dec 20, 2024 17:13:22.801311970 CET  49749        443        192.168.2.10    34.107.243.93
Dec 20, 2024 17:13:22.801323891 CET  443          49749      34.107.243.93   192.168.2.10
Dec 20, 2024 17:13:22.904005051 CET  80           49748      34.107.221.82   192.168.2.10
Dec 20, 2024 17:13:22.904669046 CET  49748        80         192.168.2.10    34.107.221.82
Dec 20, 2024 17:13:22.904836893 CET  49748        80         192.168.2.10    34.107.221.82
Dec 20, 2024 17:13:22.923954964 CET  49750        443        192.168.2.10    34.149.100.209
Dec 20, 2024 17:13:22.924048901 CET  443          49750      34.149.100.209  192.168.2.10
Dec 20, 2024 17:13:22.924498081 CET  49750        443        192.168.2.10    34.149.100.209
Dec 20, 2024 17:13:22.926002026 CET  49750        443        192.168.2.10    34.149.100.209
Dec 20, 2024 17:13:22.926032066 CET  443          49750      34.149.100.209  192.168.2.10
Dec 20, 2024 17:13:22.927210093 CET  49751        443        192.168.2.10    34.120.208.123
Dec 20, 2024 17:13:22.927254915 CET  443          49751      34.120.208.123  192.168.2.10
Dec 20, 2024 17:13:22.927536964 CET  49751        443        192.168.2.10    34.120.208.123
Dec 20, 2024 17:13:22.929038048 CET  49751        443        192.168.2.10    34.120.208.123
Dec 20, 2024 17:13:22.929054976 CET  443          49751      34.120.208.123  192.168.2.10
Dec 20, 2024 17:13:22.936014891 CET  80           49746      34.107.221.82   192.168.2.10
Dec 20, 2024 17:13:22.983948946 CET  49746        80         192.168.2.10    34.107.221.82
Dec 20, 2024 17:13:23.026232004 CET  80           49748      34.107.221.82   192.168.2.10
Dec 20, 2024 17:13:23.859874964 CET  443          49747      35.244.181.201  192.168.2.10
Dec 20, 2024 17:13:23.859890938 CET  443          49747      35.244.181.201  192.168.2.10
Dec 20, 2024 17:13:23.859946966 CET  49747        443        192.168.2.10    35.244.181.201
Dec 20, 2024 17:13:23.862894058 CET  49747        443        192.168.2.10    35.244.181.201
Dec 20, 2024 17:13:23.862905025 CET  443          49747      35.244.181.201  192.168.2.10
Dec 20, 2024 17:13:23.863172054 CET  443          49747      35.244.181.201  192.168.2.10
Dec 20, 2024 17:13:23.865727901 CET  49747        443        192.168.2.10    35.244.181.201
Dec 20, 2024 17:13:23.865812063 CET  49747        443        192.168.2.10    35.244.181.201
Dec 20, 2024 17:13:23.865906000 CET  443          49747      35.244.181.201  192.168.2.10
Dec 20, 2024 17:13:23.866009951 CET  49747        443        192.168.2.10    35.244.181.201
Dec 20, 2024 17:13:23.991956949 CET  80           49748      34.107.221.82   192.168.2.10
Dec 20, 2024 17:13:24.018557072 CET  443          49749      34.107.243.93   192.168.2.10
Dec 20, 2024 17:13:24.018573999 CET  443          49749      34.107.243.93   192.168.2.10
Dec 20, 2024 17:13:24.018726110 CET  49749        443        192.168.2.10    34.107.243.93
Dec 20, 2024 17:13:24.023854017 CET  49749        443        192.168.2.10    34.107.243.93
Dec 20, 2024 17:13:24.023860931 CET  443          49749      34.107.243.93   192.168.2.10
Dec 20, 2024 17:13:24.023974895 CET  443          49749      34.107.243.93   192.168.2.10
Dec 20, 2024 17:13:24.024072886 CET  49749        443        192.168.2.10    34.107.243.93
Dec 20, 2024 17:13:24.024081945 CET  443          49749      34.107.243.93   192.168.2.10
Dec 20, 2024 17:13:24.024122953 CET  49749        443        192.168.2.10    34.107.243.93
Dec 20, 2024 17:13:24.038290977 CET  49748        80         192.168.2.10    34.107.221.82
Dec 20, 2024 17:13:24.149975061 CET  443          49750      34.149.100.209  192.168.2.10
Dec 20, 2024 17:13:24.150077105 CET  49750        443        192.168.2.10    34.149.100.209
Dec 20, 2024 17:13:24.154628992 CET  443          49751      34.120.208.123  192.168.2.10
Dec 20, 2024 17:13:24.154901981 CET  49751        443        192.168.2.10    34.120.208.123
Dec 20, 2024 17:13:24.156502962 CET  49750        443        192.168.2.10    34.149.100.209
Dec 20, 2024 17:13:24.156529903 CET  443          49750      34.149.100.209  192.168.2.10
Dec 20, 2024 17:13:24.156718016 CET  443          49750      34.149.100.209  192.168.2.10
Dec 20, 2024 17:13:24.156786919 CET  49750        443        192.168.2.10    34.149.100.209
Dec 20, 2024 17:13:24.156796932 CET  443          49750      34.149.100.209  192.168.2.10
Dec 20, 2024 17:13:24.159332991 CET  49751        443        192.168.2.10    34.120.208.123
Dec 20, 2024 17:13:24.159332991 CET  49751        443        192.168.2.10    34.120.208.123
Dec 20, 2024 17:13:24.159367085 CET  443          49751      34.120.208.123  192.168.2.10
Dec 20, 2024 17:13:24.159507990 CET  443          49751      34.120.208.123  192.168.2.10
Dec 20, 2024 17:13:24.160114050 CET  49751        443        192.168.2.10    34.120.208.123
Dec 20, 2024 17:13:24.363352060 CET  443          49750      34.149.100.209  192.168.2.10
Dec 20, 2024 17:13:24.364521980 CET  49750        443        192.168.2.10    34.149.100.209
Dec 20, 2024 17:13:25.385314941 CET  49746        80         192.168.2.10    34.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:25.387332916 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:25.506012917 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:25.508855104 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:25.701502085 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:25.703452110 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:25.743345022 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:25.758971930 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:26.078211069 CET49762443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:26.078246117 CET4434976234.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:26.078593016 CET49762443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:26.078727961 CET49762443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:26.078737020 CET4434976234.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:26.080471992 CET49763443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:26.080550909 CET4434976334.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:26.084193945 CET49763443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:26.085714102 CET49763443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:26.085750103 CET4434976334.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.313844919 CET4434976234.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.315155983 CET4434976334.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.319091082 CET49762443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.319329977 CET49763443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.321926117 CET49762443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.321964979 CET4434976234.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.322165966 CET4434976234.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.325720072 CET49762443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.325861931 CET4434976234.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.326232910 CET49762443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.326250076 CET4434976234.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.326374054 CET49763443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.326396942 CET4434976334.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.326440096 CET49763443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.326617956 CET4434976334.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.327701092 CET49762443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.327724934 CET49762443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.327739000 CET49762443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:27.327749014 CET49763443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:29.872457981 CET49776443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:29.872508049 CET4434977634.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:29.872587919 CET49776443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:29.872723103 CET49776443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:29.872735023 CET4434977634.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:29.951864004 CET49777443192.168.2.1034.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:29.951921940 CET4434977734.149.100.209192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:29.952037096 CET49777443192.168.2.1034.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:29.953510046 CET49777443192.168.2.1034.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:29.953522921 CET4434977734.149.100.209192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.982631922 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.084625959 CET4434977634.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.085251093 CET49776443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.089248896 CET49776443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.089263916 CET4434977634.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.089490891 CET4434977634.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.093395948 CET49776443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.093497992 CET49776443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.093517065 CET4434977634.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.094852924 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.095448017 CET49776443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.097421885 CET49780443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.097466946 CET4434978034.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.099936008 CET49780443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.101315975 CET49780443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.101326942 CET4434978034.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.102543116 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.109641075 CET49781443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.109653950 CET4434978134.107.243.93192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.109726906 CET49781443192.168.2.1034.107.243.93
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 20, 2024 17:13:31.111004114 CET  49781        443        192.168.2.10     34.107.243.93
Dec 20, 2024 17:13:31.111016989 CET  443          49781      34.107.243.93    192.168.2.10
Dec 20, 2024 17:13:31.169198990 CET  443          49777      34.149.100.209   192.168.2.10
Dec 20, 2024 17:13:31.173250914 CET  49777        443        192.168.2.10     34.149.100.209
Dec 20, 2024 17:13:31.177278042 CET  49777        443        192.168.2.10     34.149.100.209
Dec 20, 2024 17:13:31.177308083 CET  443          49777      34.149.100.209   192.168.2.10
Dec 20, 2024 17:13:31.177360058 CET  49777        443        192.168.2.10     34.149.100.209
Dec 20, 2024 17:13:31.177537918 CET  443          49777      34.149.100.209   192.168.2.10
Dec 20, 2024 17:13:31.177726984 CET  49777        443        192.168.2.10     34.149.100.209
Dec 20, 2024 17:13:31.214647055 CET  80           49748      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:31.299149036 CET  80           49746      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:31.342255116 CET  49746        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:31.410119057 CET  80           49748      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:31.465197086 CET  49748        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:31.607970953 CET  49782        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:31.608022928 CET  443          49782      34.120.208.123   192.168.2.10
Dec 20, 2024 17:13:31.611181974 CET  49782        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:31.981477976 CET  49782        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:31.981508970 CET  443          49782      34.120.208.123   192.168.2.10
Dec 20, 2024 17:13:32.048666954 CET  49746        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:32.169626951 CET  80           49746      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:32.236231089 CET  49787        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:32.236272097 CET  443          49787      34.120.208.123   192.168.2.10
Dec 20, 2024 17:13:32.236732960 CET  49787        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:32.236872911 CET  49787        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:32.236886978 CET  443          49787      34.120.208.123   192.168.2.10
Dec 20, 2024 17:13:32.319005013 CET  443          49780      34.120.208.123   192.168.2.10
Dec 20, 2024 17:13:32.319714069 CET  49780        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:32.339049101 CET  443          49781      34.107.243.93    192.168.2.10
Dec 20, 2024 17:13:32.339128971 CET  49781        443        192.168.2.10     34.107.243.93
Dec 20, 2024 17:13:32.364969015 CET  80           49746      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:32.421278954 CET  49746        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:32.490653038 CET  49780        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:32.490679026 CET  443          49780      34.120.208.123   192.168.2.10
Dec 20, 2024 17:13:32.490741968 CET  49780        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:32.490847111 CET  49781        443        192.168.2.10     34.107.243.93
Dec 20, 2024 17:13:32.490855932 CET  443          49781      34.107.243.93    192.168.2.10
Dec 20, 2024 17:13:32.490897894 CET  49781        443        192.168.2.10     34.107.243.93
Dec 20, 2024 17:13:32.490952969 CET  443          49780      34.120.208.123   192.168.2.10
Dec 20, 2024 17:13:32.491043091 CET  49780        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:32.491050959 CET  443          49781      34.107.243.93    192.168.2.10
Dec 20, 2024 17:13:32.492048025 CET  49781        443        192.168.2.10     34.107.243.93
Dec 20, 2024 17:13:32.842669010 CET  49748        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:32.963130951 CET  80           49748      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:33.159406900 CET  80           49748      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:33.195910931 CET  443          49782      34.120.208.123   192.168.2.10
Dec 20, 2024 17:13:33.195981979 CET  49782        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:33.201677084 CET  49748        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:33.451245070 CET  443          49787      34.120.208.123   192.168.2.10
Dec 20, 2024 17:13:33.454442024 CET  49787        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:33.663547993 CET  49782        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:33.663569927 CET  443          49782      34.120.208.123   192.168.2.10
Dec 20, 2024 17:13:33.663913965 CET  443          49782      34.120.208.123   192.168.2.10
Dec 20, 2024 17:13:33.668683052 CET  49787        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:33.668703079 CET  443          49787      34.120.208.123   192.168.2.10
Dec 20, 2024 17:13:33.669092894 CET  443          49787      34.120.208.123   192.168.2.10
Dec 20, 2024 17:13:33.725186110 CET  49787        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:33.725187063 CET  49782        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:33.852530003 CET  49782        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:33.852705002 CET  49782        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:33.852883101 CET  443          49782      34.120.208.123   192.168.2.10
Dec 20, 2024 17:13:33.852938890 CET  49787        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:33.852967024 CET  49787        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:33.853266001 CET  443          49787      34.120.208.123   192.168.2.10
Dec 20, 2024 17:13:33.856748104 CET  49782        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:33.856765032 CET  49787        443        192.168.2.10     34.120.208.123
Dec 20, 2024 17:13:33.857259035 CET  49746        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:33.857767105 CET  49748        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:33.979737997 CET  80           49746      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:33.983338118 CET  80           49748      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:34.174984932 CET  80           49746      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:34.177798986 CET  80           49748      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:34.226773977 CET  49746        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:34.226802111 CET  49748        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:34.617630005 CET  49746        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:34.737205982 CET  80           49746      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:35.007879019 CET  80           49746      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:35.060357094 CET  49746        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:38.983383894 CET  49748        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:39.103060007 CET  80           49748      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:39.297719955 CET  80           49748      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:39.300816059 CET  49746        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:39.342125893 CET  49748        80         192.168.2.10     34.107.221.82
Dec 20, 2024 17:13:39.421135902 CET  80           49746      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:39.616774082 CET  80           49746      34.107.221.82    192.168.2.10
Dec 20, 2024 17:13:39.658613920 CET  49746        80         192.168.2.10     34.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:43.674252033 CET49815443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:43.674305916 CET4434981534.107.243.93192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:43.674572945 CET49815443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:43.676120996 CET49815443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:43.676153898 CET4434981534.107.243.93192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:44.886518955 CET4434981534.107.243.93192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:44.886857033 CET49815443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:44.895761013 CET49815443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:44.895798922 CET4434981534.107.243.93192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:44.895857096 CET49815443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:44.896075964 CET4434981534.107.243.93192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:44.897176981 CET49815443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:44.900006056 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:45.019471884 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:45.214512110 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:45.218532085 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:45.256742001 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:45.338381052 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:45.537209988 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:45.588922977 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.504116058 CET49821443192.168.2.1035.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.504182100 CET4434982135.244.181.201192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.504600048 CET49821443192.168.2.1035.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.504826069 CET49821443192.168.2.1035.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.504846096 CET4434982135.244.181.201192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.559324026 CET49822443192.168.2.1034.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.559386015 CET4434982234.149.100.209192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.559602022 CET49823443192.168.2.1035.190.72.216
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.559616089 CET4434982335.190.72.216192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.560791016 CET49822443192.168.2.1034.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.560955048 CET49823443192.168.2.1035.190.72.216
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.560955048 CET49822443192.168.2.1034.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.560981035 CET4434982234.149.100.209192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.562450886 CET49823443192.168.2.1035.190.72.216
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.562469959 CET4434982335.190.72.216192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.710133076 CET49824443192.168.2.1035.201.103.21
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.710179090 CET4434982435.201.103.21192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.710454941 CET49824443192.168.2.1035.201.103.21
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.711987019 CET49824443192.168.2.1035.201.103.21
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.712009907 CET4434982435.201.103.21192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.769701004 CET49825443192.168.2.10151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.769754887 CET44349825151.101.193.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.769970894 CET49825443192.168.2.10151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.770136118 CET49825443192.168.2.10151.101.193.91
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.770155907 CET44349825151.101.193.91192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.733774900 CET4434982135.244.181.201192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.733848095 CET49821443192.168.2.1035.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.737149954 CET49821443192.168.2.1035.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.737169981 CET4434982135.244.181.201192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.737404108 CET4434982135.244.181.201192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.739836931 CET49821443192.168.2.1035.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.739933968 CET49821443192.168.2.1035.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.739979029 CET4434982135.244.181.201192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.742259026 CET49821443192.168.2.1035.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.743743896 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.773566961 CET4434982234.149.100.209192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.773622990 CET4434982335.190.72.216192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.776103020 CET49822443192.168.2.1034.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.776135921 CET49823443192.168.2.1035.190.72.216
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.779561996 CET49822443192.168.2.1034.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.779581070 CET4434982234.149.100.209192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.779810905 CET4434982234.149.100.209192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.784487963 CET49822443192.168.2.1034.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.784605026 CET49822443192.168.2.1034.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.784616947 CET4434982234.149.100.209192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.785043955 CET49823443192.168.2.1035.190.72.216
Dec 20, 2024 17:13:47.785065889 CET | 443 | 49823 | 35.190.72.216 | 192.168.2.10
Dec 20, 2024 17:13:47.785115004 CET | 49823 | 443 | 192.168.2.10 | 35.190.72.216
Dec 20, 2024 17:13:47.785221100 CET | 443 | 49823 | 35.190.72.216 | 192.168.2.10
Dec 20, 2024 17:13:47.785711050 CET | 49822 | 443 | 192.168.2.10 | 34.149.100.209
Dec 20, 2024 17:13:47.785732031 CET | 49823 | 443 | 192.168.2.10 | 35.190.72.216
Dec 20, 2024 17:13:47.863310099 CET | 80 | 49748 | 34.107.221.82 | 192.168.2.10
Dec 20, 2024 17:13:47.933456898 CET | 443 | 49824 | 35.201.103.21 | 192.168.2.10
Dec 20, 2024 17:13:47.933554888 CET | 49824 | 443 | 192.168.2.10 | 35.201.103.21
Dec 20, 2024 17:13:47.938546896 CET | 49824 | 443 | 192.168.2.10 | 35.201.103.21
Dec 20, 2024 17:13:47.938570023 CET | 443 | 49824 | 35.201.103.21 | 192.168.2.10
Dec 20, 2024 17:13:47.938638926 CET | 49824 | 443 | 192.168.2.10 | 35.201.103.21
Dec 20, 2024 17:13:47.938734055 CET | 443 | 49824 | 35.201.103.21 | 192.168.2.10
Dec 20, 2024 17:13:47.938801050 CET | 49824 | 443 | 192.168.2.10 | 35.201.103.21
Dec 20, 2024 17:13:47.951842070 CET | 49830 | 443 | 192.168.2.10 | 34.149.100.209
Dec 20, 2024 17:13:47.951894045 CET | 443 | 49830 | 34.149.100.209 | 192.168.2.10
Dec 20, 2024 17:13:47.965059042 CET | 49830 | 443 | 192.168.2.10 | 34.149.100.209
Dec 20, 2024 17:13:47.965188026 CET | 49830 | 443 | 192.168.2.10 | 34.149.100.209
Dec 20, 2024 17:13:47.965208054 CET | 443 | 49830 | 34.149.100.209 | 192.168.2.10
Dec 20, 2024 17:13:47.983741045 CET | 443 | 49825 | 151.101.193.91 | 192.168.2.10
Dec 20, 2024 17:13:47.984875917 CET | 49825 | 443 | 192.168.2.10 | 151.101.193.91
Dec 20, 2024 17:13:47.988856077 CET | 49825 | 443 | 192.168.2.10 | 151.101.193.91
Dec 20, 2024 17:13:47.988862991 CET | 443 | 49825 | 151.101.193.91 | 192.168.2.10
Dec 20, 2024 17:13:47.989134073 CET | 443 | 49825 | 151.101.193.91 | 192.168.2.10
Dec 20, 2024 17:13:47.991385937 CET | 49825 | 443 | 192.168.2.10 | 151.101.193.91
Dec 20, 2024 17:13:47.991489887 CET | 49825 | 443 | 192.168.2.10 | 151.101.193.91
Dec 20, 2024 17:13:47.991539955 CET | 443 | 49825 | 151.101.193.91 | 192.168.2.10
Dec 20, 2024 17:13:47.996251106 CET | 49825 | 443 | 192.168.2.10 | 151.101.193.91
Dec 20, 2024 17:13:48.000416994 CET | 49831 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:48.000463963 CET | 443 | 49831 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:48.000936031 CET | 49831 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:48.001075983 CET | 49831 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:48.001087904 CET | 443 | 49831 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:48.002620935 CET | 49832 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:48.002648115 CET | 443 | 49832 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:48.002840996 CET | 49832 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:48.002970934 CET | 49832 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:48.002979040 CET | 443 | 49832 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:48.005481958 CET | 49833 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:48.005511045 CET | 443 | 49833 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:48.005949974 CET | 49833 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:48.006100893 CET | 49833 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:48.006108999 CET | 443 | 49833 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:48.058171988 CET | 80 | 49748 | 34.107.221.82 | 192.168.2.10
Dec 20, 2024 17:13:48.063065052 CET | 49746 | 80 | 192.168.2.10 | 34.107.221.82
Dec 20, 2024 17:13:48.118859053 CET | 49748 | 80 | 192.168.2.10 | 34.107.221.82
Dec 20, 2024 17:13:48.182782888 CET | 80 | 49746 | 34.107.221.82 | 192.168.2.10
Dec 20, 2024 17:13:48.379261017 CET | 80 | 49746 | 34.107.221.82 | 192.168.2.10
Dec 20, 2024 17:13:48.419601917 CET | 49746 | 80 | 192.168.2.10 | 34.107.221.82
Dec 20, 2024 17:13:49.182878017 CET | 443 | 49830 | 34.149.100.209 | 192.168.2.10
Dec 20, 2024 17:13:49.182917118 CET | 443 | 49830 | 34.149.100.209 | 192.168.2.10
Dec 20, 2024 17:13:49.182970047 CET | 49830 | 443 | 192.168.2.10 | 34.149.100.209
Dec 20, 2024 17:13:49.186503887 CET | 49830 | 443 | 192.168.2.10 | 34.149.100.209
Dec 20, 2024 17:13:49.186553955 CET | 443 | 49830 | 34.149.100.209 | 192.168.2.10
Dec 20, 2024 17:13:49.187179089 CET | 443 | 49830 | 34.149.100.209 | 192.168.2.10
Dec 20, 2024 17:13:49.189734936 CET | 49830 | 443 | 192.168.2.10 | 34.149.100.209
Dec 20, 2024 17:13:49.189843893 CET | 49830 | 443 | 192.168.2.10 | 34.149.100.209
Dec 20, 2024 17:13:49.189915895 CET | 443 | 49830 | 34.149.100.209 | 192.168.2.10
Dec 20, 2024 17:13:49.191428900 CET | 49830 | 443 | 192.168.2.10 | 34.149.100.209
Dec 20, 2024 17:13:49.216857910 CET | 443 | 49831 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:49.216932058 CET | 49831 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:49.219861031 CET | 49831 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:49.219875097 CET | 443 | 49831 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:49.220132113 CET | 443 | 49831 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:49.221045017 CET | 443 | 49833 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:49.221995115 CET | 49833 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:49.222121954 CET | 49748 | 80 | 192.168.2.10 | 34.107.221.82
Dec 20, 2024 17:13:49.224539042 CET | 49833 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:49.224550009 CET | 443 | 49833 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:49.224781036 CET | 443 | 49833 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:49.225960016 CET | 443 | 49832 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:49.226254940 CET | 49831 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:49.226371050 CET | 49832 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:49.226388931 CET | 443 | 49831 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:49.226413012 CET | 49831 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:49.226421118 CET | 443 | 49831 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:49.228961945 CET | 49832 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:49.228971958 CET | 443 | 49832 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:49.229212999 CET | 443 | 49832 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:49.230875969 CET | 49833 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:49.230967045 CET | 49833 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:49.231044054 CET | 443 | 49833 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:49.232453108 CET | 49832 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:49.232534885 CET | 49832 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:49.232601881 CET | 443 | 49832 | 35.244.181.201 | 192.168.2.10
Dec 20, 2024 17:13:49.233685970 CET | 49832 | 443 | 192.168.2.10 | 35.244.181.201
Dec 20, 2024 17:13:49.233700037 CET | 49833 | 443 | 192.168.2.10 | 35.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:49.233715057 CET49832443192.168.2.1035.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:49.341614962 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:49.435333014 CET4434983135.244.181.201192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:49.435390949 CET49831443192.168.2.1035.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:49.540049076 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:49.543560982 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:49.585366964 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:49.663461924 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:49.858501911 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:49.901928902 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:59.545330048 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:59.665062904 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:59.861860037 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:59.981664896 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:05.351175070 CET49874443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:05.351237059 CET4434987434.107.243.93192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:05.351666927 CET49874443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:05.353112936 CET49874443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:05.353143930 CET4434987434.107.243.93192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:06.573297977 CET4434987434.107.243.93192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:06.573401928 CET49874443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:06.577389002 CET49874443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:06.577399969 CET4434987434.107.243.93192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:06.577501059 CET49874443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:06.577574968 CET4434987434.107.243.93192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:06.577903032 CET49874443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:06.579879045 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:06.699497938 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:06.896589041 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:06.900299072 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:06.950572968 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:07.019834042 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:07.215692043 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:07.267240047 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:16.911343098 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:17.031174898 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:17.097512960 CET49901443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:17.097567081 CET4434990134.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:17.097712040 CET49902443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:17.097799063 CET4434990234.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:17.097810030 CET49901443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:17.097929001 CET49902443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:17.098005056 CET49901443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:17.098012924 CET4434990134.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:17.098129988 CET49902443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:17.098150969 CET4434990234.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:17.227914095 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:17.347522974 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.349450111 CET4434990234.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.349550009 CET49902443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.353054047 CET49902443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.353069067 CET4434990234.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.353310108 CET4434990234.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.355133057 CET4434990134.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.355235100 CET49901443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.357621908 CET49901443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.357630968 CET4434990134.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.357907057 CET4434990134.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.358421087 CET49902443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.358532906 CET49902443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.358572006 CET4434990234.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.358762980 CET49902443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.360680103 CET49901443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.360754013 CET49901443192.168.2.1034.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.360848904 CET4434990134.120.208.123192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.360893011 CET49901443192.168.2.1034.120.208.123
Timestamp                           | Source Port | Dest Port | Source IP      | Dest IP
Dec 20, 2024 17:14:18.555542946 CET | 49748       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:18.557013035 CET | 49908       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:18.557054043 CET | 443         | 49908     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:18.562102079 CET | 49909       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:18.562199116 CET | 443         | 49909     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:18.562526941 CET | 49908       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:18.562544107 CET | 49909       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:18.562637091 CET | 49908       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:18.562647104 CET | 443         | 49908     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:18.562745094 CET | 49909       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:18.562782049 CET | 443         | 49909     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:18.590099096 CET | 49910       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:18.590125084 CET | 443         | 49910     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:18.590524912 CET | 49910       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:18.590655088 CET | 49910       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:18.590667009 CET | 443         | 49910     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:18.675127029 CET | 80          | 49748     | 34.107.221.82  | 192.168.2.10
Dec 20, 2024 17:14:18.873925924 CET | 80          | 49748     | 34.107.221.82  | 192.168.2.10
Dec 20, 2024 17:14:18.917265892 CET | 49748       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:19.134644985 CET | 49746       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:19.254251957 CET | 80          | 49746     | 34.107.221.82  | 192.168.2.10
Dec 20, 2024 17:14:19.451251984 CET | 80          | 49746     | 34.107.221.82  | 192.168.2.10
Dec 20, 2024 17:14:19.503479004 CET | 49746       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:19.772994041 CET | 443         | 49908     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:19.773221016 CET | 49908       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:19.773958921 CET | 443         | 49909     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:19.774333000 CET | 49909       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:19.776393890 CET | 49908       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:19.776413918 CET | 443         | 49908     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:19.776742935 CET | 443         | 49908     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:19.779073000 CET | 49909       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:19.779086113 CET | 443         | 49909     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:19.779351950 CET | 443         | 49909     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:19.782250881 CET | 49908       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:19.782373905 CET | 49908       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:19.782455921 CET | 443         | 49908     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:19.782617092 CET | 49908       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:19.782915115 CET | 49909       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:19.783013105 CET | 49909       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:19.783051014 CET | 443         | 49909     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:19.783158064 CET | 49909       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:19.798963070 CET | 49748       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:19.807914972 CET | 443         | 49910     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:19.808005095 CET | 49910       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:19.811328888 CET | 49910       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:19.811345100 CET | 443         | 49910     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:19.811882973 CET | 443         | 49910     | 34.120.208.123 | 192.168.2.10
Dec 20, 2024 17:14:19.813939095 CET | 49910       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:19.814052105 CET | 49910       | 443       | 192.168.2.10   | 34.120.208.123
Dec 20, 2024 17:14:19.919514894 CET | 80          | 49748     | 34.107.221.82  | 192.168.2.10
Dec 20, 2024 17:14:20.118108034 CET | 80          | 49748     | 34.107.221.82  | 192.168.2.10
Dec 20, 2024 17:14:20.174437046 CET | 49748       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:20.182907104 CET | 49746       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:20.303045034 CET | 80          | 49746     | 34.107.221.82  | 192.168.2.10
Dec 20, 2024 17:14:20.498097897 CET | 80          | 49746     | 34.107.221.82  | 192.168.2.10
Dec 20, 2024 17:14:20.553514957 CET | 49746       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:30.132929087 CET | 49748       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:30.255698919 CET | 80          | 49748     | 34.107.221.82  | 192.168.2.10
Dec 20, 2024 17:14:30.502860069 CET | 49746       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:30.622389078 CET | 80          | 49746     | 34.107.221.82  | 192.168.2.10
Dec 20, 2024 17:14:40.261596918 CET | 49748       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:40.381184101 CET | 80          | 49748     | 34.107.221.82  | 192.168.2.10
Dec 20, 2024 17:14:40.631551981 CET | 49746       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:40.751221895 CET | 80          | 49746     | 34.107.221.82  | 192.168.2.10
Dec 20, 2024 17:14:47.427263021 CET | 49970       | 443       | 192.168.2.10   | 34.107.243.93
Dec 20, 2024 17:14:47.427308083 CET | 443         | 49970     | 34.107.243.93  | 192.168.2.10
Dec 20, 2024 17:14:47.427495956 CET | 49970       | 443       | 192.168.2.10   | 34.107.243.93
Dec 20, 2024 17:14:47.429677010 CET | 49970       | 443       | 192.168.2.10   | 34.107.243.93
Dec 20, 2024 17:14:47.429689884 CET | 443         | 49970     | 34.107.243.93  | 192.168.2.10
Dec 20, 2024 17:14:48.667217016 CET | 443         | 49970     | 34.107.243.93  | 192.168.2.10
Dec 20, 2024 17:14:48.667316914 CET | 49970       | 443       | 192.168.2.10   | 34.107.243.93
Dec 20, 2024 17:14:48.671972036 CET | 49970       | 443       | 192.168.2.10   | 34.107.243.93
Dec 20, 2024 17:14:48.671978951 CET | 443         | 49970     | 34.107.243.93  | 192.168.2.10
Dec 20, 2024 17:14:48.672096968 CET | 49970       | 443       | 192.168.2.10   | 34.107.243.93
Dec 20, 2024 17:14:48.672131062 CET | 443         | 49970     | 34.107.243.93  | 192.168.2.10
Dec 20, 2024 17:14:48.674180984 CET | 49970       | 443       | 192.168.2.10   | 34.107.243.93
Dec 20, 2024 17:14:48.675534964 CET | 49748       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:48.795367002 CET | 80          | 49748     | 34.107.221.82  | 192.168.2.10
Dec 20, 2024 17:14:48.990744114 CET | 80          | 49748     | 34.107.221.82  | 192.168.2.10
Dec 20, 2024 17:14:48.994327068 CET | 49746       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:49.033365011 CET | 49748       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:49.114239931 CET | 80          | 49746     | 34.107.221.82  | 192.168.2.10
Dec 20, 2024 17:14:49.309643030 CET | 80          | 49746     | 34.107.221.82  | 192.168.2.10
Dec 20, 2024 17:14:49.356606960 CET | 49746       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:58.999526978 CET | 49748       | 80        | 192.168.2.10   | 34.107.221.82
Dec 20, 2024 17:14:59.119007111 CET | 80          | 49748     | 34.107.221.82  | 192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:59.316173077 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:59.435934067 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:09.130197048 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:09.249782085 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:09.446811914 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:09.566646099 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:19.260309935 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:19.385672092 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:19.577316046 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:19.698515892 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:29.387728930 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:29.507548094 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:29.704205990 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:29.824251890 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:39.516483068 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:39.637217999 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:39.832767010 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:39.952919960 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:49.646641970 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:49.766196012 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:49.962985992 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:50.082638025 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:59.775257111 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:59.894953012 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:00.091439009 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:00.211128950 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:09.031181097 CET50030443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:09.031219006 CET4435003034.107.243.93192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:09.031385899 CET50030443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:09.033652067 CET50030443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:09.033664942 CET4435003034.107.243.93192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:09.903114080 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.025437117 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.219575882 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.248972893 CET4435003034.107.243.93192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.249176025 CET50030443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.256323099 CET50030443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.256335020 CET4435003034.107.243.93192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.256480932 CET50030443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.256545067 CET4435003034.107.243.93192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.259396076 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.260622025 CET50030443192.168.2.1034.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.339186907 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.378982067 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.577316046 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.581511021 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.620800018 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.704257965 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.901487112 CET804974634.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.952933073 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:20.579416037 CET4974880192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:20.699703932 CET804974834.107.221.82192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:20.911592007 CET4974680192.168.2.1034.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:21.031085968 CET804974634.107.221.82192.168.2.10
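The TCP rows above show the sample's two sockets to 34.107.221.82:80 (local ports 49746 and 49748) each sending a fresh request roughly every ten seconds for the whole capture, which is the cadence an analyst wants to measure rather than eyeball. The script below is an added example, not part of the Joe Sandbox report: it parses rows in the column layout used here (timestamp, source port, destination port, source IP, destination IP), folds both directions into one flow per socket pair, discards the sub-second gaps that belong to handshake, ACK and retransmission packets, and flags flows whose remaining outbound gaps are nearly constant. The sample rows are copied from the timeline above; the sandbox VM network (192.168.2.0/24), the 1 s intra-burst cut-off and the 10 % jitter threshold are assumptions, and the CET timestamps are treated as UTC because only differences are used.

```python
"""Flow reconstruction and beacon-interval detection over a sandbox packet timeline.

Added example (not report code). Assumptions: the analysis VM is in LOCAL_NET,
packets closer than MIN_GAP seconds belong to the same request burst, and a
flow counts as periodic when its median absolute gap deviation is within
MAX_JITTER of the median gap.
"""
import ipaddress
import re
import statistics
from collections import defaultdict
from datetime import datetime, timezone

LOCAL_NET = ipaddress.ip_network("192.168.2.0/24")   # assumption: sandbox VM network
MIN_GAP = 1.0        # assumption: gaps below this are handshake/ACK/retransmit noise
MAX_JITTER = 0.10    # assumption: relative spread that still counts as "periodic"

# One table row: "Dec 20, 2024 17:14:48.675534964 CET  49748  80  192.168.2.10  34.107.221.82"
ROW_RE = re.compile(
    r"^(\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+) (\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)$"
)

# Constructed sample: TCP rows copied from the timeline above (two flows).
SAMPLE = """\
Dec 20, 2024 17:14:48.675534964 CET  49748  80     192.168.2.10   34.107.221.82
Dec 20, 2024 17:14:48.795367002 CET  80     49748  34.107.221.82  192.168.2.10
Dec 20, 2024 17:14:48.990744114 CET  80     49748  34.107.221.82  192.168.2.10
Dec 20, 2024 17:14:49.033365011 CET  49748  80     192.168.2.10   34.107.221.82
Dec 20, 2024 17:14:58.999526978 CET  49748  80     192.168.2.10   34.107.221.82
Dec 20, 2024 17:15:09.130197048 CET  49748  80     192.168.2.10   34.107.221.82
Dec 20, 2024 17:15:19.260309935 CET  49748  80     192.168.2.10   34.107.221.82
Dec 20, 2024 17:15:29.387728930 CET  49748  80     192.168.2.10   34.107.221.82
Dec 20, 2024 17:15:39.516483068 CET  49748  80     192.168.2.10   34.107.221.82
Dec 20, 2024 17:15:49.646641970 CET  49748  80     192.168.2.10   34.107.221.82
Dec 20, 2024 17:15:59.775257111 CET  49748  80     192.168.2.10   34.107.221.82
Dec 20, 2024 17:16:09.031181097 CET  50030  443    192.168.2.10   34.107.243.93
Dec 20, 2024 17:16:09.031219006 CET  443    50030  34.107.243.93  192.168.2.10
Dec 20, 2024 17:16:09.031385899 CET  50030  443    192.168.2.10   34.107.243.93
Dec 20, 2024 17:16:09.903114080 CET  49748  80     192.168.2.10   34.107.221.82
Dec 20, 2024 17:16:10.248972893 CET  443    50030  34.107.243.93  192.168.2.10
Dec 20, 2024 17:16:10.259396076 CET  49748  80     192.168.2.10   34.107.221.82
Dec 20, 2024 17:16:10.620800018 CET  49748  80     192.168.2.10   34.107.221.82
Dec 20, 2024 17:16:20.579416037 CET  49748  80     192.168.2.10   34.107.221.82
"""


def parse_ts(ts: str) -> float:
    """'Dec 20, 2024 17:14:48.675534964' -> epoch seconds, keeping nanosecond digits.

    strptime's %f only takes microseconds, so the fraction is handled by hand.
    The value is only ever subtracted from another parse_ts() result, so the
    zone is fixed to UTC purely to avoid local-time ambiguity.
    """
    base, frac = ts.rsplit(".", 1)
    dt = datetime.strptime(base, "%b %d, %Y %H:%M:%S").replace(tzinfo=timezone.utc)
    return dt.timestamp() + int(frac.ljust(9, "0")[:9]) / 1e9


def parse_rows(text: str):
    """Yield (epoch, src_port, dst_port, src_ip, dst_ip); skips headers and blanks."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            ts, _tz, sport, dport, sip, dip = m.groups()
            yield parse_ts(ts), int(sport), int(dport), sip, dip


def build_flows(rows):
    """Group packets by (local ip, local port, remote ip, remote port), split by direction."""
    flows = defaultdict(lambda: {"out": [], "in": []})
    for t, sport, dport, sip, dip in rows:
        if ipaddress.ip_address(sip) in LOCAL_NET:
            flows[(sip, sport, dip, dport)]["out"].append(t)
        elif ipaddress.ip_address(dip) in LOCAL_NET:
            flows[(dip, dport, sip, sport)]["in"].append(t)
        # traffic between two non-local hosts is not attributable to the sample; ignored
    return flows


def beacon_period(times, min_gap=MIN_GAP, min_samples=4):
    """Return (period, jitter) for a periodic packet series, else None.

    Gaps shorter than min_gap are dropped so that only the cadence of new
    requests is measured. jitter = median |gap - period| / period.
    """
    times = sorted(times)
    gaps = [b - a for a, b in zip(times, times[1:]) if b - a >= min_gap]
    if len(gaps) < min_samples:
        return None
    period = statistics.median(gaps)
    jitter = statistics.median(abs(g - period) for g in gaps) / period
    return period, jitter


def find_beacons(text: str, max_jitter=MAX_JITTER):
    """Map flow key -> (period, jitter, outbound pkts, inbound pkts) for periodic flows."""
    hits = {}
    for key, pk in build_flows(parse_rows(text)).items():
        res = beacon_period(pk["out"])
        if res and res[1] <= max_jitter:
            hits[key] = (res[0], res[1], len(pk["out"]), len(pk["in"]))
    return hits


if __name__ == "__main__":
    for (lip, lport, rip, rport), (period, jitter, n_out, n_in) in find_beacons(SAMPLE).items():
        print(f"{lip}:{lport} -> {rip}:{rport}  period={period:.2f}s "
              f"jitter={jitter:.3f}  out={n_out} in={n_in}")
```

Feeding the whole TCP table through `find_beacons` reports both port-80 sockets with a period just above ten seconds and very low jitter, while the short TLS exchange on port 50030 produces too few inter-request gaps to score. The median-based spread is deliberately used instead of standard deviation so that one missed or delayed check-in does not hide an otherwise regular beacon.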
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 20, 2024 17:13:18.857764959 CET  50472        53         192.168.2.10     1.1.1.1
Dec 20, 2024 17:13:18.862502098 CET  65291        53         192.168.2.10     1.1.1.1
Dec 20, 2024 17:13:18.996464968 CET  53302        53         192.168.2.10     1.1.1.1
Dec 20, 2024 17:13:18.997731924 CET  53           50472      1.1.1.1          192.168.2.10
Dec 20, 2024 17:13:18.998768091 CET  54795        53         192.168.2.10     1.1.1.1
Dec 20, 2024 17:13:19.000348091 CET  61530        53         192.168.2.10     1.1.1.1
Dec 20, 2024 17:13:19.137939930 CET  53           54795      1.1.1.1          192.168.2.10
Dec 20, 2024 17:13:19.139478922 CET  62210        53         192.168.2.10     1.1.1.1
Dec 20, 2024 17:13:19.140151978 CET  53           53302      1.1.1.1          192.168.2.10
Dec 20, 2024 17:13:19.140748024 CET  63274        53         192.168.2.10     1.1.1.1
Dec 20, 2024 17:13:19.142168045 CET  53           61530      1.1.1.1          192.168.2.10
Dec 20, 2024 17:13:19.142772913 CET  64391        53         192.168.2.10     1.1.1.1
Dec 20, 2024 17:13:19.175986052 CET  58426        53         192.168.2.10     1.1.1.1
Dec 20, 2024 17:13:19.276635885 CET  53           62210      1.1.1.1          192.168.2.10
Dec 20, 2024 17:13:19.278162956 CET  53           63274      1.1.1.1          192.168.2.10
Dec 20, 2024 17:13:19.279525995 CET  53           64391      1.1.1.1          192.168.2.10
Dec 20, 2024 17:13:19.314367056 CET  53           58426      1.1.1.1          192.168.2.10
Dec 20, 2024 17:13:19.402981043 CET  59962        53         192.168.2.10     1.1.1.1
Dec 20, 2024 17:13:19.412739038 CET  65043        53         192.168.2.10     1.1.1.1
Dec 20, 2024 17:13:19.451147079 CET  55415        53         192.168.2.10     1.1.1.1
Dec 20, 2024 17:13:19.540054083 CET  53           59962      1.1.1.1          192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:19.540811062 CET6265453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:19.554272890 CET53650431.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:19.556194067 CET5530253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:19.558830023 CET5146853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:19.593421936 CET53554151.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:19.683439016 CET53626541.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:19.687083960 CET6468753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:19.700987101 CET53514681.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:19.702397108 CET53553021.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:19.704698086 CET4943653192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:19.750957012 CET5129553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:19.824023008 CET53646871.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:19.842475891 CET53494361.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:19.846941948 CET5873853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:19.888266087 CET53512951.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:19.989980936 CET53587381.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.485003948 CET6256753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.485750914 CET5014053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.487448931 CET6160753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.623383999 CET53501401.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.625638008 CET53616071.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:20.659452915 CET6139453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.154102087 CET53646491.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.724915981 CET5807253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.862685919 CET53580721.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.871330023 CET5437453192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:22.015891075 CET53543741.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:22.018724918 CET5459353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:22.157227993 CET53545931.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:22.782587051 CET6149753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:22.920669079 CET53614971.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:22.924308062 CET6191853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:22.927383900 CET5315953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:23.061677933 CET53619181.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:23.064547062 CET53531591.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:23.070856094 CET5881653192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:23.071588039 CET5611553192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:23.207863092 CET53588161.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:23.208558083 CET53561151.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:25.320390940 CET5715753192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:25.457787037 CET53571571.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:26.081351995 CET6353153192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:26.223434925 CET53635311.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:26.224282026 CET5062053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:26.363332033 CET53506201.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:29.303039074 CET5317853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:29.443598986 CET53531781.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.137855053 CET4930053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.138127089 CET5409053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.138361931 CET5320953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279112101 CET53493001.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279391050 CET53540901.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279814959 CET53532091.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.955212116 CET5885153192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.955535889 CET5269053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.955760956 CET5983053192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.092279911 CET53588511.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.093102932 CET53526901.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.096798897 CET53598301.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.103358984 CET6273253192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.103797913 CET5445353192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.104160070 CET5896953192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.241508007 CET53544531.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.241550922 CET53627321.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.241741896 CET53589691.1.1.1192.168.2.10
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.248672009 CET5623853192.168.2.101.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.249352932 CET6343453192.168.2.101.1.1.1
Dec 20, 2024 17:13:31.256517887 CET | 57500 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:13:31.386394978 CET | 53 | 63434 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:13:31.387207031 CET | 58839 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:13:31.388566971 CET | 53 | 56238 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:13:31.389245987 CET | 53870 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:13:31.394217968 CET | 53 | 57500 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:13:31.526627064 CET | 53 | 58839 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:13:31.527317047 CET | 59139 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:13:31.530410051 CET | 53 | 53870 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:13:31.531024933 CET | 52938 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:13:31.664726019 CET | 53 | 59139 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:13:31.744551897 CET | 53 | 52938 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:13:43.674511909 CET | 52572 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:13:43.811362982 CET | 53 | 52572 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:13:46.503351927 CET | 49535 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:13:46.551286936 CET | 50792 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:13:46.570990086 CET | 54968 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:13:46.640422106 CET | 53 | 49535 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:13:46.708992958 CET | 53 | 54968 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:13:46.710388899 CET | 51376 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:13:46.768543959 CET | 53 | 50792 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:13:46.769906998 CET | 60416 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:13:46.848099947 CET | 53 | 51376 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:13:46.848913908 CET | 51912 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:13:46.908596039 CET | 53 | 60416 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:13:46.909389019 CET | 55941 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:13:46.987468004 CET | 53 | 51912 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:13:47.114856958 CET | 53 | 55941 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:14:05.351556063 CET | 58630 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:14:05.488933086 CET | 53 | 58630 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:14:17.097925901 CET | 55726 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:14:17.237294912 CET | 53 | 55726 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:14:18.555953026 CET | 63502 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:14:47.286808968 CET | 59986 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:14:47.425920010 CET | 53 | 59986 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:14:47.427573919 CET | 60279 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:14:47.564762115 CET | 53 | 60279 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:16:08.751025915 CET | 59674 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:16:08.888408899 CET | 53 | 59674 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:16:08.889972925 CET | 58931 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:16:09.029496908 CET | 53 | 58931 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:16:09.030591011 CET | 62118 | 53 | 192.168.2.10 | 1.1.1.1
Dec 20, 2024 17:16:09.167618990 CET | 53 | 62118 | 1.1.1.1 | 192.168.2.10
Dec 20, 2024 17:16:10.259605885 CET | 56689 | 53 | 192.168.2.10 | 1.1.1.1
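The UDP packet rows above and the DNS query rows that follow are Joe Sandbox tables whose column separators were lost when the report was saved as text, so each row is one run of characters (for example `CET5750053192.168.2.101.1.1.1`). Ports and IPv4 addresses are all digits, which makes the split ambiguous by shape alone: `1.1.1.1192.168.2.10` could equally be read as 1.1.1.11 / 92.168.2.10. The parser below is an added example, not code from Joe Sandbox or from this report; it anchors on the two endpoints the report itself shows, the analysis host 192.168.2.10 and the resolver 1.1.1.1 (assumed fixed for this run), and on the fact that the resolver side is always port 53. The sample rows are constructed from rows on this page, and every function and constant name is this example's own.

```python
"""Recover the columns of flattened Joe Sandbox 'UDP Packets' / 'DNS Queries' rows.

Added example; not part of the Joe Sandbox report. Endpoint addresses are
those visible in the report and are assumed fixed for this analysis run.
"""
import calendar
import re
from collections import Counter
from datetime import datetime

CLIENT_IPS = {"192.168.2.10"}   # analysis VM, as shown in the report
RESOLVER_IPS = {"1.1.1.1"}      # upstream resolver, as shown in the report
KNOWN_IPS = CLIENT_IPS | RESOLVER_IPS
DNS_PORT = 53

# RR type numbers the report prints as bare integers (RFC 1035 / RFC 3596).
RR_TYPES = {1: "A", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA", 65: "HTTPS"}

UDP_ROWS = [  # constructed from UDP packet rows on this page
    "Dec 20, 2024 17:13:31.256517887 CET5750053192.168.2.101.1.1.1",
    "Dec 20, 2024 17:13:31.389245987 CET5387053192.168.2.101.1.1.1",
    "Dec 20, 2024 17:13:31.394217968 CET53575001.1.1.1192.168.2.10",
    "Dec 20, 2024 17:13:31.530410051 CET53538701.1.1.1192.168.2.10",
    "Dec 20, 2024 17:14:18.555953026 CET6350253192.168.2.101.1.1.1",
]
DNS_ROWS = [  # constructed from DNS query rows on this page
    "Dec 20, 2024 17:13:18.857764959 CET192.168.2.101.1.1.10xb290Standard query (0)youtube.comA (IP address)IN (0x0001)false",
    "Dec 20, 2024 17:13:19.139478922 CET192.168.2.101.1.1.10xb2afStandard query (0)youtube.com28IN (0x0001)false",
    "Dec 20, 2024 17:13:19.556194067 CET192.168.2.101.1.1.10x103Standard query (0)prod.ads.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false",
    "Dec 20, 2024 17:13:23.071588039 CET192.168.2.101.1.1.10x6cbStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false",
]

TS_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d\d:\d\d:\d\d\.\d+) (?P<tz>[A-Z]{3,4})(?P<rest>.*)$")
DNS_RE = re.compile(
    r"^(?P<ips>[\d.]+?)0x(?P<txid>[0-9a-f]+)"   # two addresses, then the transaction ID
    r"(?P<op>[A-Za-z ]+\(\d+\))"                # 'Standard query (0)'
    r"(?P<name>.+?)"                            # shortest name that leaves a valid tail
    r"(?P<type>A \(IP address\)|\d+)"           # 'A (IP address)' or a bare RR number
    r"(?P<cls>[A-Z]+ \(0x[0-9a-f]+\))"          # 'IN (0x0001)'
    r"(?P<doh>true|false)$"
)


def parse_ns(ts: str) -> int:
    """'Dec 20, 2024 17:13:31.256517887' -> integer nanoseconds. Exact integer
    arithmetic; the zone label is not interpreted, only row differences are used."""
    head, frac = ts.rsplit(".", 1)
    secs = calendar.timegm(datetime.strptime(head, "%b %d, %Y %H:%M:%S").timetuple())
    return secs * 10**9 + int(frac.ljust(9, "0")[:9])


def split_endpoints(tail: str):
    """tail = <prefix><src ip><dst ip>; peel the two known endpoints off the right."""
    for dst in KNOWN_IPS:
        if tail.endswith(dst):
            mid = tail[: -len(dst)]
            for src in KNOWN_IPS:
                if mid.endswith(src):
                    return mid[: -len(src)], src, dst
    raise ValueError(f"no known endpoint pair at the end of {tail!r}")


def split_ports(ports: str, src_is_resolver: bool):
    """Resolver side is always 53; direction decides whether 53 is the prefix or the
    suffix of the digit run, which disambiguates '5357500' from '5750053'."""
    p53 = str(DNS_PORT)
    if src_is_resolver:
        ok, other = ports.startswith(p53), ports[len(p53):]
        pair = (DNS_PORT, int(other or "0"))
    else:
        ok, other = ports.endswith(p53), ports[: -len(p53)]
        pair = (int(other or "0"), DNS_PORT)
    if not (ok and other.isdigit() and other[0] != "0" and 1 <= int(other) <= 65535):
        raise ValueError(f"cannot split port field {ports!r}")
    return pair


def parse_udp_row(row: str) -> dict:
    m = TS_RE.match(row.strip())
    if not m:
        raise ValueError(f"unrecognised row: {row!r}")
    ports, src, dst = split_endpoints(m["rest"])
    sport, dport = split_ports(ports, src in RESOLVER_IPS)
    return {"ns": parse_ns(m["ts"]), "sport": sport, "dport": dport, "src": src, "dst": dst}


def parse_dns_row(row: str) -> dict:
    m = TS_RE.match(row.strip())
    d = DNS_RE.match(m["rest"]) if m else None
    if not d:
        raise ValueError(f"unrecognised row: {row!r}")
    prefix, src, dst = split_endpoints(d["ips"])
    if prefix:
        raise ValueError(f"unexpected text before addresses: {prefix!r}")
    rtype = d["type"]
    # Caveat: a name that ends in digits and is queried for a numeric type
    # ('host128IN ...') cannot be split reliably; the regex keeps the shortest name.
    rtype = RR_TYPES.get(int(rtype), f"TYPE{rtype}") if rtype.isdigit() else rtype.split()[0]
    return {"ns": parse_ns(m["ts"]), "src": src, "dst": dst, "txid": int(d["txid"], 16),
            "opcode": d["op"].strip(), "name": d["name"], "type": rtype,
            "class": d["cls"].split()[0], "doh": d["doh"] == "true"}


def pair_queries(rows):
    """Match each client query to the resolver reply on the same ephemeral port.
    Returns ({ephemeral_port: latency_ms}, [ports with no reply in the rows])."""
    pending, latency = {}, {}
    for p in sorted((parse_udp_row(r) for r in rows), key=lambda p: p["ns"]):
        if p["dport"] == DNS_PORT:
            pending[p["sport"]] = p["ns"]
        elif p["sport"] == DNS_PORT and p["dport"] in pending:
            latency[p["dport"]] = (p["ns"] - pending.pop(p["dport"])) / 1_000_000
    return latency, sorted(pending)


def names_by_type(rows) -> Counter:
    """Count (name, type) pairs: the compact view of what the VM resolved."""
    return Counter((q["name"], q["type"]) for q in map(parse_dns_row, rows))


if __name__ == "__main__":
    lat, unanswered = pair_queries(UDP_ROWS)
    for port, ms in sorted(lat.items()):
        print(f"port {port}: answered in {ms:.3f} ms")
    print("unanswered ephemeral ports:", unanswered)
    for (name, rtype), n in names_by_type(DNS_ROWS).most_common():
        print(f"{n}x {rtype:5} {name}")
```

Run stand-alone it reports the query on port 57500 answered after about 137.7 ms, the query on 63502 as unanswered within the sampled rows, and youtube.com resolved for both A and AAAA (the bare `28` in the report is the AAAA type number). For a full report, replace the constructed lists with the rows scraped from the two tables; if the run used a different analysis host or resolver, adjust `CLIENT_IPS` and `RESOLVER_IPS`, since the split depends on them.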
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 20, 2024 17:13:18.857764959 CET | 192.168.2.10 | 1.1.1.1 | 0xb290 | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:18.862502098 CET | 192.168.2.10 | 1.1.1.1 | 0x1aca | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:18.996464968 CET | 192.168.2.10 | 1.1.1.1 | 0xdb5d | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:18.998768091 CET | 192.168.2.10 | 1.1.1.1 | 0x10d1 | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.000348091 CET | 192.168.2.10 | 1.1.1.1 | 0x2b93 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.139478922 CET | 192.168.2.10 | 1.1.1.1 | 0xb2af | Standard query (0) | youtube.com | 28 | IN (0x0001) | false
Dec 20, 2024 17:13:19.140748024 CET | 192.168.2.10 | 1.1.1.1 | 0x7035 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 20, 2024 17:13:19.142772913 CET | 192.168.2.10 | 1.1.1.1 | 0xf889 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Dec 20, 2024 17:13:19.175986052 CET | 192.168.2.10 | 1.1.1.1 | 0x9422 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.402981043 CET | 192.168.2.10 | 1.1.1.1 | 0xd429 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.412739038 CET | 192.168.2.10 | 1.1.1.1 | 0x9905 | Standard query (0) | spocs.getpocket.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.451147079 CET | 192.168.2.10 | 1.1.1.1 | 0xbce6 | Standard query (0) | content-signature-2.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.540811062 CET | 192.168.2.10 | 1.1.1.1 | 0x1b9d | Standard query (0) | contile.services.mozilla.com | 28 | IN (0x0001) | false
Dec 20, 2024 17:13:19.556194067 CET | 192.168.2.10 | 1.1.1.1 | 0x103 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.558830023 CET | 192.168.2.10 | 1.1.1.1 | 0x227 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.687083960 CET | 192.168.2.10 | 1.1.1.1 | 0xb05d | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.704698086 CET | 192.168.2.10 | 1.1.1.1 | 0x1a88 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Dec 20, 2024 17:13:19.750957012 CET | 192.168.2.10 | 1.1.1.1 | 0x77fc | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 20, 2024 17:13:19.846941948 CET | 192.168.2.10 | 1.1.1.1 | 0x3137 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 20, 2024 17:13:20.485003948 CET | 192.168.2.10 | 1.1.1.1 | 0x2287 | Standard query (0) | shavar.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:20.485750914 CET | 192.168.2.10 | 1.1.1.1 | 0xa276 | Standard query (0) | example.org | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:20.487448931 CET | 192.168.2.10 | 1.1.1.1 | 0x3557 | Standard query (0) | ipv4only.arpa | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:20.659452915 CET | 192.168.2.10 | 1.1.1.1 | 0xc50e | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:21.724915981 CET | 192.168.2.10 | 1.1.1.1 | 0xd350 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:21.871330023 CET | 192.168.2.10 | 1.1.1.1 | 0xca7b | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:22.018724918 CET | 192.168.2.10 | 1.1.1.1 | 0x6dd5 | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
Dec 20, 2024 17:13:22.782587051 CET | 192.168.2.10 | 1.1.1.1 | 0xf55d | Standard query (0) | firefox.settings.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:22.924308062 CET | 192.168.2.10 | 1.1.1.1 | 0x2d44 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:22.927383900 CET | 192.168.2.10 | 1.1.1.1 | 0x998d | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:23.070856094 CET | 192.168.2.10 | 1.1.1.1 | 0x74c4 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 20, 2024 17:13:23.071588039 CET | 192.168.2.10 | 1.1.1.1 | 0x6cb | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 | IN (0x0001) | false
Dec 20, 2024 17:13:25.320390940 CET | 192.168.2.10 | 1.1.1.1 | 0xeb4b | Standard query (0) | support.mozilla.org | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:26.081351995 CET | 192.168.2.10 | 1.1.1.1 | 0x77f5 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:26.224282026 CET | 192.168.2.10 | 1.1.1.1 | 0x6cfd | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 20, 2024 17:13:29.303039074 CET | 192.168.2.10 | 1.1.1.1 | 0x7d1e | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 | IN (0x0001) | false
Dec 20, 2024 17:13:30.137855053 CET | 192.168.2.10 | 1.1.1.1 | 0x7ccb | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.138127089 CET192.168.2.101.1.1.10x1a2fStandard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.138361931 CET192.168.2.101.1.1.10xd4e1Standard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.955212116 CET192.168.2.101.1.1.10x34c6Standard query (0)youtube-ui.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.955535889 CET192.168.2.101.1.1.10x9ddaStandard query (0)star-mini.c10r.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.955760956 CET192.168.2.101.1.1.10x20d0Standard query (0)dyna.wikimedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.103358984 CET192.168.2.101.1.1.10x4b11Standard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.103797913 CET192.168.2.101.1.1.10x50a3Standard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.104160070 CET192.168.2.101.1.1.10xb9a6Standard query (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.248672009 CET192.168.2.101.1.1.10x8195Standard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.249352932 CET192.168.2.101.1.1.10x4785Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.256517887 CET192.168.2.101.1.1.10x5249Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.387207031 CET192.168.2.101.1.1.10xd564Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.389245987 CET192.168.2.101.1.1.10xaabaStandard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.527317047 CET192.168.2.101.1.1.10xfbfcStandard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.531024933 CET192.168.2.101.1.1.10x8598Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:43.674511909 CET192.168.2.101.1.1.10xeb5eStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.503351927 CET192.168.2.101.1.1.10xb23bStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.551286936 CET192.168.2.101.1.1.10xd4bfStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.570990086 CET192.168.2.101.1.1.10x5d67Standard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.710388899 CET192.168.2.101.1.1.10x11e3Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.769906998 CET192.168.2.101.1.1.10xe5c9Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.848913908 CET192.168.2.101.1.1.10xd1aaStandard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:46.909389019 CET192.168.2.101.1.1.10x8824Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:05.351556063 CET192.168.2.101.1.1.10xdd13Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:17.097925901 CET192.168.2.101.1.1.10xba83Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:18.555953026 CET192.168.2.101.1.1.10xd071Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:47.286808968 CET192.168.2.101.1.1.10xdf98Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:47.427573919 CET192.168.2.101.1.1.10x1290Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:08.751025915 CET192.168.2.101.1.1.10x8663Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:08.889972925 CET192.168.2.101.1.1.10x9cd7Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:09.030591011 CET192.168.2.101.1.1.10x516Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.259605885 CET192.168.2.101.1.1.10x1220Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 20, 2024 17:13:18.991230965 CET | 1.1.1.1 | 192.168.2.10 | 0x2ff6 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net |  | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:18.997731924 CET | 1.1.1.1 | 192.168.2.10 | 0xb290 | No error (0) | youtube.com |  | 142.250.181.110 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:18.999468088 CET | 1.1.1.1 | 192.168.2.10 | 0x1aca | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 17:13:18.999468088 CET | 1.1.1.1 | 192.168.2.10 | 0x1aca | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.137939930 CET | 1.1.1.1 | 192.168.2.10 | 0x10d1 | No error (0) | youtube.com |  | 142.250.181.110 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.140151978 CET | 1.1.1.1 | 192.168.2.10 | 0xdb5d | No error (0) | prod.classify-client.prod.webservices.mozgcp.net |  | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.142168045 CET | 1.1.1.1 | 192.168.2.10 | 0x2b93 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.276635885 CET | 1.1.1.1 | 192.168.2.10 | 0xb2af | No error (0) | youtube.com |  |  | 28 | IN (0x0001) | false
Dec 20, 2024 17:13:19.279525995 CET | 1.1.1.1 | 192.168.2.10 | 0xf889 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  |  | 28 | IN (0x0001) | false
Dec 20, 2024 17:13:19.314367056 CET | 1.1.1.1 | 192.168.2.10 | 0x9422 | No error (0) | contile.services.mozilla.com |  | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.540054083 CET | 1.1.1.1 | 192.168.2.10 | 0xd429 | No error (0) | contile.services.mozilla.com |  | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.554272890 CET | 1.1.1.1 | 192.168.2.10 | 0x9905 | No error (0) | spocs.getpocket.com | prod.ads.prod.webservices.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 17:13:19.554272890 CET | 1.1.1.1 | 192.168.2.10 | 0x9905 | No error (0) | prod.ads.prod.webservices.mozgcp.net |  | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.554636955 CET | 1.1.1.1 | 192.168.2.10 | 0xf43f | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 17:13:19.554636955 CET | 1.1.1.1 | 192.168.2.10 | 0xf43f | No error (0) | prod.balrog.prod.cloudops.mozgcp.net |  | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.593421936 CET | 1.1.1.1 | 192.168.2.10 | 0xbce6 | No error (0) | content-signature-2.cdn.mozilla.net | content-signature-chains.prod.autograph.services.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 17:13:19.593421936 CET | 1.1.1.1 | 192.168.2.10 | 0xbce6 | No error (0) | content-signature-chains.prod.autograph.services.mozaws.net | prod.content-signature-chains.prod.webservices.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 17:13:19.593421936 CET | 1.1.1.1 | 192.168.2.10 | 0xbce6 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net |  | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.700987101 CET | 1.1.1.1 | 192.168.2.10 | 0x227 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net |  | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.702397108 CET | 1.1.1.1 | 192.168.2.10 | 0x103 | No error (0) | prod.ads.prod.webservices.mozgcp.net |  | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.824023008 CET | 1.1.1.1 | 192.168.2.10 | 0xb05d | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net |  | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:19.989980936 CET | 1.1.1.1 | 192.168.2.10 | 0x3137 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net |  |  | 28 | IN (0x0001) | false
Dec 20, 2024 17:13:20.623383999 CET | 1.1.1.1 | 192.168.2.10 | 0xa276 | No error (0) | example.org |  | 93.184.215.14 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:20.625638008 CET | 1.1.1.1 | 192.168.2.10 | 0x3557 | No error (0) | ipv4only.arpa |  | 192.0.0.170 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:20.625638008 CET | 1.1.1.1 | 192.168.2.10 | 0x3557 | No error (0) | ipv4only.arpa |  | 192.0.0.171 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:20.709467888 CET | 1.1.1.1 | 192.168.2.10 | 0x2287 | No error (0) | shavar.services.mozilla.com | shavar.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 17:13:20.798084974 CET | 1.1.1.1 | 192.168.2.10 | 0xc50e | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 20, 2024 17:13:20.798084974 CET | 1.1.1.1 | 192.168.2.10 | 0xc50e | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:21.862685919 CET | 1.1.1.1 | 192.168.2.10 | 0xd350 | No error (0) | push.services.mozilla.com |  | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:22.015891075 CET | 1.1.1.1 | 192.168.2.10 | 0xca7b | No error (0) | push.services.mozilla.com |  | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 17:13:22.558737993 CET | 1.1.1.1 | 192.168.2.10 | 0x1424 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:22.558737993 CET1.1.1.1192.168.2.100x1424No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:22.920669079 CET1.1.1.1192.168.2.100xf55dNo error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:22.920669079 CET1.1.1.1192.168.2.100xf55dNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:22.920763016 CET1.1.1.1192.168.2.100x807bNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:23.061677933 CET1.1.1.1192.168.2.100x2d44No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:23.064547062 CET1.1.1.1192.168.2.100x998dNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:25.457787037 CET1.1.1.1192.168.2.100xeb4bNo error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:25.457787037 CET1.1.1.1192.168.2.100xeb4bNo error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:25.457787037 CET1.1.1.1192.168.2.100xeb4bNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:25.529580116 CET1.1.1.1192.168.2.100x32ddNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:26.223434925 CET1.1.1.1192.168.2.100x77f5No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279112101 CET1.1.1.1192.168.2.100x7ccbNo error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279112101 CET1.1.1.1192.168.2.100x7ccbNo error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279112101 CET1.1.1.1192.168.2.100x7ccbNo error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279112101 CET1.1.1.1192.168.2.100x7ccbNo error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279112101 CET1.1.1.1192.168.2.100x7ccbNo error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279112101 CET1.1.1.1192.168.2.100x7ccbNo error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279112101 CET1.1.1.1192.168.2.100x7ccbNo error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279112101 CET1.1.1.1192.168.2.100x7ccbNo error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279112101 CET1.1.1.1192.168.2.100x7ccbNo error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279112101 CET1.1.1.1192.168.2.100x7ccbNo error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279112101 CET1.1.1.1192.168.2.100x7ccbNo error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279112101 CET1.1.1.1192.168.2.100x7ccbNo error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279391050 CET1.1.1.1192.168.2.100x1a2fNo error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279391050 CET1.1.1.1192.168.2.100x1a2fNo error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279814959 CET1.1.1.1192.168.2.100xd4e1No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.279814959 CET1.1.1.1192.168.2.100xd4e1No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.092279911 CET1.1.1.1192.168.2.100x34c6No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.092279911 CET1.1.1.1192.168.2.100x34c6No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.092279911 CET1.1.1.1192.168.2.100x34c6No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.092279911 CET1.1.1.1192.168.2.100x34c6No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.092279911 CET1.1.1.1192.168.2.100x34c6No error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.092279911 CET1.1.1.1192.168.2.100x34c6No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.092279911 CET1.1.1.1192.168.2.100x34c6No error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.092279911 CET1.1.1.1192.168.2.100x34c6No error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.092279911 CET1.1.1.1192.168.2.100x34c6No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.092279911 CET1.1.1.1192.168.2.100x34c6No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.092279911 CET1.1.1.1192.168.2.100x34c6No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.093102932 CET1.1.1.1192.168.2.100x9ddaNo error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.096798897 CET1.1.1.1192.168.2.100x20d0No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.241508007 CET1.1.1.1192.168.2.100x50a3No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.241508007 CET1.1.1.1192.168.2.100x50a3No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.241508007 CET1.1.1.1192.168.2.100x50a3No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.241508007 CET1.1.1.1192.168.2.100x50a3No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.241550922 CET1.1.1.1192.168.2.100x4b11No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.241741896 CET1.1.1.1192.168.2.100xb9a6No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.386394978 CET1.1.1.1192.168.2.100x4785No error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.388566971 CET1.1.1.1192.168.2.100x8195No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.388566971 CET1.1.1.1192.168.2.100x8195No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.388566971 CET1.1.1.1192.168.2.100x8195No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.388566971 CET1.1.1.1192.168.2.100x8195No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.388566971 CET1.1.1.1192.168.2.100x8195No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.526627064 CET1.1.1.1192.168.2.100xd564No error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.530410051 CET1.1.1.1192.168.2.100xaabaNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.530410051 CET1.1.1.1192.168.2.100xaabaNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.530410051 CET1.1.1.1192.168.2.100xaabaNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.530410051 CET1.1.1.1192.168.2.100xaabaNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
• detectportal.firefox.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49730 | 34.107.221.82 | 80 | 5632 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 17:13:19.123024940 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 17:13:20.211453915 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:09:25 GMT
Age: 21835
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 17:13:21.094736099 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 17:13:21.410036087 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:09:25 GMT
Age: 21836
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49737 | 34.107.221.82 | 80 | 5632 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 17:13:20.927954912 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache


                                                                                                                                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                    2192.168.2.104974634.107.221.82805632C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:21.848961115 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:22.936014891 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Fri, 20 Dec 2024 01:08:28 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 54294
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:25.385314941 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:25.701502085 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Fri, 20 Dec 2024 01:08:28 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 54297
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:30.982631922 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.299149036 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Fri, 20 Dec 2024 01:08:28 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 54303
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:32.048666954 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:32.364969015 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Fri, 20 Dec 2024 01:08:28 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 54304
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Dec 20, 2024 17:13:33.857259035 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Dec 20, 2024 17:13:34.174984932 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 01:08:28 GMT
Age: 54306
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Dec 20, 2024 17:13:34.617630005 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Dec 20, 2024 17:13:35.007879019 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 01:08:28 GMT
Age: 54306
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Dec 20, 2024 17:13:39.300816059 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Dec 20, 2024 17:13:39.616774082 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 01:08:28 GMT
Age: 54311
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Dec 20, 2024 17:13:45.218532085 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Dec 20, 2024 17:13:45.537209988 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 01:08:28 GMT
Age: 54317
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Dec 20, 2024 17:13:48.063065052 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Dec 20, 2024 17:13:48.379261017 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 01:08:28 GMT
Age: 54320
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:49.543560982 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:49.858501911 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Fri, 20 Dec 2024 01:08:28 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 54321
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:59.861860037 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:06.900299072 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:07.215692043 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Fri, 20 Dec 2024 01:08:28 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 54339
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:17.227914095 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:19.134644985 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:19.451251984 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Fri, 20 Dec 2024 01:08:28 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 54351
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:14:20.182907104 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 20, 2024 17:14:20.498097897 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 01:08:28 GMT
Age: 54352
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 20, 2024 17:14:30.502860069 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 17:14:40.631551981 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 17:14:48.994327068 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 20, 2024 17:14:49.309643030 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 01:08:28 GMT
Age: 54381
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 20, 2024 17:14:59.316173077 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 17:15:09.446811914 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 17:15:19.577316046 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 17:15:29.704205990 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 17:15:39.832767010 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 17:15:49.962985992 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 17:16:10.581511021 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 20, 2024 17:16:10.901487112 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 20 Dec 2024 01:08:28 GMT
Age: 54462
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.10 | 49748 | 34.107.221.82 | 80 | 5632 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 17:13:22.904836893 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 17:13:23.991956949 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:15:34 GMT
Age: 21469
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 17:13:25.387332916 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:25.703452110 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Fri, 20 Dec 2024 10:15:34 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 21471
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.094852924 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:31.410119057 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Fri, 20 Dec 2024 10:15:34 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 21477
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:32.842669010 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:33.159406900 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Fri, 20 Dec 2024 10:15:34 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 21479
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:33.857767105 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:34.177798986 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Fri, 20 Dec 2024 10:15:34 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 21480
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
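The HTTP records above repeat the same exchange many times, and the extracted text fuses the timestamp, byte count, direction and request line into one token. The following script is an added example (not part of the Joe Sandbox report and not Joe Sandbox's own tooling) that parses records in this layout, pairs each outbound request with the inbound response that follows it, decodes the "Data Raw" hex body, and checks it against the "Data Ascii" rendering and the Content-Length header before tallying contacted hosts and any meta-refresh redirect targets. The column order (timestamp, bytes transferred, direction, data) is assumed from the report; the SAMPLE excerpt is constructed from the records above, with the second response's Content-Length deliberately altered to 91 so the consistency check has something to flag.

```python
"""Parse and sanity-check Joe Sandbox-style HTTP packet records.

Added example; assumes each record starts with
"<timestamp> <bytes><IN|OUT><start line>" (optionally separated by
whitespace) followed by header lines and optional Data Raw / Data Ascii lines.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Record start: "Dec 20, 2024 17:13:25.387332916 CET303OUTGET /canonical.html HTTP/1.1"
RECORD_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+ [A-Z]+)"
    r"\s*(?P<size>\d+)\s*(?P<dir>IN|OUT)\s*(?P<line>.*)$"
)
# Meta-refresh redirect target inside an HTML body.
REFRESH_RE = re.compile(r'http-equiv="refresh"[^>]*url=([^"]+)"', re.I)

# Constructed excerpt modelled on the report; second Content-Length altered to 91.
SAMPLE = """\
Dec 20, 2024 17:13:25.387332916 CET303OUTGET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Connection: keep-alive
Dec 20, 2024 17:13:25.703452110 CET298INHTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Content-Type: text/html
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 17:13:31.094852924 CET303OUTGET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
Connection: keep-alive
Dec 20, 2024 17:13:31.410119057 CET298INHTTP/1.1 200 OK
Server: nginx
Content-Length: 91
Content-Type: text/html
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
"""


@dataclass
class Packet:
    timestamp: str
    size: int            # bytes transferred as reported
    direction: str       # "OUT" (request) or "IN" (response)
    start_line: str      # request line or status line
    headers: dict = field(default_factory=dict)
    body: bytes = b""    # decoded from "Data Raw"
    body_ascii: str = "" # the report's "Data Ascii" rendering

    @property
    def host(self) -> str:
        return self.headers.get("Host", "")


def parse_packets(text: str) -> list:
    """Split the report text into Packet objects; lines before the first record start are ignored."""
    packets = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RECORD_RE.match(line)
        if m:
            packets.append(Packet(m["ts"], int(m["size"]), m["dir"], m["line"].strip()))
            continue
        if not packets:
            continue
        pkt = packets[-1]
        if line.startswith("Data Raw:"):
            pkt.body = bytes.fromhex(line[len("Data Raw:"):])
        elif line.startswith("Data Ascii:"):
            pkt.body_ascii = line[len("Data Ascii:"):].strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            pkt.headers[name.strip()] = value.strip()
    return packets


def check_body(pkt: Packet) -> list:
    """Return inconsistencies between the hex body, its ASCII rendering and Content-Length."""
    problems = []
    printable = all(32 <= b < 127 for b in pkt.body)
    # The ASCII view replaces non-printable bytes, so only compare it for printable bodies.
    if printable and pkt.body_ascii and pkt.body.decode("ascii") != pkt.body_ascii:
        problems.append("hex body does not match ASCII rendering")
    declared = pkt.headers.get("Content-Length")
    if declared is not None and int(declared) != len(pkt.body):
        problems.append(f"Content-Length {declared} != body length {len(pkt.body)}")
    return problems


def pair_exchanges(packets: list) -> list:
    """Pair each OUT packet with the next IN packet (the report lists them in order)."""
    exchanges, pending = [], None
    for pkt in packets:
        if pkt.direction == "OUT":
            pending = pkt
        elif pending is not None:
            exchanges.append((pending, pkt))
            pending = None
    return exchanges


def summarize(text: str) -> dict:
    """Tally requests per host, meta-refresh targets, and body/header inconsistencies."""
    packets = parse_packets(text)
    hosts = Counter(p.host for p in packets if p.direction == "OUT" and p.host)
    redirects, problems = Counter(), []
    for req, resp in pair_exchanges(packets):
        problems += [(req.timestamp, issue) for issue in check_body(resp)]
        m = REFRESH_RE.search(resp.body.decode("latin-1"))
        if m:
            redirects[m.group(1)] += 1
    return {"hosts": hosts, "redirects": redirects, "problems": problems}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

Run against a full report export, the host tally separates repetitive probes such as the `/canonical.html` requests here from the other domains the sample contacts, and the Content-Length check catches truncated or mis-extracted bodies before any indicator is pulled from them.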
Dec 20, 2024 17:13:38.983383894 CET  303  OUT  GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:39.297719955 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Fri, 20 Dec 2024 10:15:34 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 21485
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:44.900006056 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:45.214512110 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Fri, 20 Dec 2024 10:15:34 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 21491
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:47.743743896 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:48.058171988 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Fri, 20 Dec 2024 10:15:34 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 21493
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:49.222121954 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:13:49.540049076 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Fri, 20 Dec 2024 10:15:34 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 21495
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 17:13:59.545330048 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 17:14:06.579879045 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 17:14:06.896589041 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:15:34 GMT
Age: 21512
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 17:14:16.911343098 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 17:14:18.555542946 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 17:14:18.873925924 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:15:34 GMT
Age: 21524
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 17:14:19.798963070 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 17:14:20.118108034 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:15:34 GMT
Age: 21525
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 17:14:30.132929087 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 17:14:40.261596918 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 17:14:48.675534964 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 17:14:48.990744114 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 20 Dec 2024 10:15:34 GMT
Age: 21554
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 17:14:58.999526978 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 17:15:09.130197048 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 17:15:19.260309935 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 20, 2024 17:15:29.387728930 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:39.516483068 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:15:49.646641970 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.259396076 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 20, 2024 17:16:10.577316046 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Fri, 20 Dec 2024 10:15:34 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 21636
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Target ID:0
Start time:11:13:09
Start date:20/12/2024
Path:C:\Users\user\Desktop\nM0h824cc3.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\nM0h824cc3.exe"
Imagebase:0x890000
File size:968'192 bytes
MD5 hash:44A8228720EF89DDEF7843DD2093FA37
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:2
Start time:11:13:10
Start date:20/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM firefox.exe /T
Imagebase:0x630000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:11:13:10
Start date:20/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff620390000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:11:13:13
Start date:20/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM chrome.exe /T
Imagebase:0x630000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                                                                                                                                                                                                    Start time:11:13:13
                                                                                                                                                                                                                                                                                                                                                                    Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff620390000
                                                                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                                                                                                                                                                                                    Start time:11:13:13
                                                                                                                                                                                                                                                                                                                                                                    Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                    Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x630000
                                                                                                                                                                                                                                                                                                                                                                    File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                                                                                                                                                                                                    Start time:11:13:13
                                                                                                                                                                                                                                                                                                                                                                    Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff620390000
                                                                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                                                                                                                                                                                                    Start time:11:13:13
                                                                                                                                                                                                                                                                                                                                                                    Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                    Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x630000
                                                                                                                                                                                                                                                                                                                                                                    File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:9
                                                                                                                                                                                                                                                                                                                                                                    Start time:11:13:13
                                                                                                                                                                                                                                                                                                                                                                    Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff620390000
                                                                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:10
                                                                                                                                                                                                                                                                                                                                                                    Start time:11:13:13
                                                                                                                                                                                                                                                                                                                                                                    Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                    Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x630000
                                                                                                                                                                                                                                                                                                                                                                    File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:11
                                                                                                                                                                                                                                                                                                                                                                    Start time:11:13:13
                                                                                                                                                                                                                                                                                                                                                                    Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff620390000
                                                                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:12
                                                                                                                                                                                                                                                                                                                                                                    Start time:11:13:14
                                                                                                                                                                                                                                                                                                                                                                    Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff613480000
                                                                                                                                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:13
                                                                                                                                                                                                                                                                                                                                                                    Start time:11:13:14
                                                                                                                                                                                                                                                                                                                                                                    Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff613480000
                                                                                                                                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                                                                                                                                                                                                    Start time:11:13:14
                                                                                                                                                                                                                                                                                                                                                                    Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff613480000
                                                                                                                                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                                                                                                                    Target ID:16
                                                                                                                                                                                                                                                                                                                                                                    Start time:11:13:15
                                                                                                                                                                                                                                                                                                                                                                    Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2292 -parentBuildID 20230927232528 -prefsHandle 2228 -prefMapHandle 2220 -prefsLen 25358 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70e51040-7af1-400c-a3b0-8714369a1c57} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" 1760c06d310 socket
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff613480000
                                                                                                                                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                                                                                                                    Target ID:18
                                                                                                                                                                                                                                                                                                                                                                    Start time:11:13:16
                                                                                                                                                                                                                                                                                                                                                                    Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3928 -parentBuildID 20230927232528 -prefsHandle 3672 -prefMapHandle 3884 -prefsLen 26373 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f59c0ddb-254f-4dbd-9d51-30a0b23a1a2f} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" 1761e357610 rdd
Imagebase:0x7ff613480000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:19
Start time:11:13:21
Start date:20/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5016 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5008 -prefMapHandle 5004 -prefsLen 33184 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35f57696-847d-47df-824e-7c23c7b21619} 5632 "\\.\pipe\gecko-crash-server-pipe.5632" 17624260110 utility
Imagebase:0x7ff613480000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false


Execution Graph

Execution Coverage:2.5%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:4.2%
Total number of Nodes:1750
Total number of Limit Nodes:60
96772->96573 96773 8fd529 Process32NextW 96773->96772 96779 8fd522 96773->96779 96774 89a961 22 API calls 96774->96779 96775 899cb3 22 API calls 96775->96779 96779->96772 96779->96773 96779->96774 96779->96775 97209 89525f 22 API calls 96779->97209 97210 896350 22 API calls 96779->97210 97211 8ace60 41 API calls 96779->97211 96781 89ec40 348 API calls 96780->96781 96798 89d29d 96781->96798 96782 8e1bc4 96821 90359c 82 API calls __wsopen_s 96782->96821 96784 89d30b messages 96784->96588 96785 89d3c3 96787 89d6d5 96785->96787 96788 89d3ce 96785->96788 96786 89d5ff 96790 8e1bb5 96786->96790 96791 89d614 96786->96791 96787->96784 96795 8afe0b 22 API calls 96787->96795 96789 8afddb 22 API calls 96788->96789 96800 89d3d5 __fread_nolock 96789->96800 96820 915705 23 API calls 96790->96820 96794 8afddb 22 API calls 96791->96794 96792 89d4b8 96796 8afe0b 22 API calls 96792->96796 96804 89d46a 96794->96804 96795->96800 96805 89d429 __fread_nolock messages 96796->96805 96797 8afddb 22 API calls 96799 89d3f6 96797->96799 96798->96782 96798->96784 96798->96785 96798->96787 96798->96792 96801 8afddb 22 API calls 96798->96801 96798->96805 96799->96805 96813 89bec0 348 API calls 96799->96813 96800->96797 96800->96799 96801->96798 96803 8e1ba4 96819 90359c 82 API calls __wsopen_s 96803->96819 96804->96588 96805->96786 96805->96803 96805->96804 96808 8e1b7f 96805->96808 96810 8e1b5d 96805->96810 96814 891f6f 96805->96814 96818 90359c 82 API calls __wsopen_s 96808->96818 96817 90359c 82 API calls __wsopen_s 96810->96817 96812->96590 96813->96805 96815 89ec40 348 API calls 96814->96815 96816 891f98 96815->96816 96816->96805 96817->96804 96818->96804 96819->96804 96820->96782 96821->96784 96822->96607 96823->96607 96824->96607 96825->96607 96826->96600 96827->96610 96828->96607 96829->96607 96830->96607 96831->96607 96832->96607 96833->96607 96835 89ae01 96834->96835 96838 89ae1c messages 96834->96838 96836 89aec9 22 API calls 96835->96836 96837 89ae09 CharUpperBuffW 96836->96837 
96837->96838 96838->96621 96840 89acae 96839->96840 96841 89acd1 96840->96841 96877 90359c 82 API calls __wsopen_s 96840->96877 96841->96644 96844 8dfadb 96843->96844 96845 89ad92 96843->96845 96846 8afddb 22 API calls 96845->96846 96847 89ad99 96846->96847 96878 89adcd 96847->96878 96851 89acf9 96850->96851 96859 89ad2a messages 96850->96859 96852 89ad55 96851->96852 96853 89ad01 messages 96851->96853 96852->96859 96886 89a8c7 22 API calls __fread_nolock 96852->96886 96855 8dfa48 96853->96855 96856 89ad21 96853->96856 96853->96859 96855->96859 96887 8ace17 22 API calls messages 96855->96887 96857 8dfa3a VariantClear 96856->96857 96856->96859 96857->96859 96859->96671 96860->96647 96861->96647 96862->96625 96863->96658 96864->96638 96865->96658 96866->96658 96867->96644 96868->96644 96869->96644 96870->96644 96871->96644 96872->96654 96873->96658 96874->96661 96875->96662 96876->96658 96877->96841 96884 89addd 96878->96884 96879 89adb6 96879->96644 96880 8afddb 22 API calls 96880->96884 96881 89a961 22 API calls 96881->96884 96883 89adcd 22 API calls 96883->96884 96884->96879 96884->96880 96884->96881 96884->96883 96885 89a8c7 22 API calls __fread_nolock 96884->96885 96885->96884 96886->96859 96887->96859 96934 91aff9 96888->96934 96890 91ac0c 96891 91ac54 96890->96891 96892 89aceb 23 API calls 96890->96892 96891->96729 96892->96891 96894 91aff9 217 API calls 96893->96894 96895 91ab79 96894->96895 96895->96729 96897 897510 53 API calls 96896->96897 96898 91a306 96897->96898 96899 8fd4dc 47 API calls 96898->96899 96900 91a315 96899->96900 96900->96729 96902 89b567 39 API calls 96901->96902 96903 8af659 96902->96903 96904 8ef2dc Sleep 96903->96904 96905 8af661 timeGetTime 96903->96905 96906 89b567 39 API calls 96905->96906 96907 8af677 96906->96907 96907->96729 96909 897510 53 API calls 96908->96909 96910 905c6d 96909->96910 97089 8fdbbe lstrlenW 96910->97089 96912 905c77 96912->96729 97094 922ad8 96913->97094 96915 92159f 96915->96729 96916->96731 96917->96691 96919 
899cc2 _wcslen 96918->96919 96920 8afe0b 22 API calls 96919->96920 96921 899cea __fread_nolock 96920->96921 96922 8afddb 22 API calls 96921->96922 96923 899d00 96922->96923 96923->96702 96924->96692 96925->96720 96926->96720 96927->96689 96928->96727 96929->96727 96930->96727 96931->96723 96932->96729 96933->96727 96935 91b01d ___scrt_fastfail 96934->96935 96936 91b094 96935->96936 96937 91b058 96935->96937 96939 89b567 39 API calls 96936->96939 96944 91b08b 96936->96944 97055 89b567 96937->97055 96943 91b0a5 96939->96943 96940 91b063 96940->96944 96947 89b567 39 API calls 96940->96947 96941 91b0ed 97025 897510 96941->97025 96946 89b567 39 API calls 96943->96946 96944->96941 96948 89b567 39 API calls 96944->96948 96946->96944 96950 91b078 96947->96950 96948->96941 96952 89b567 39 API calls 96950->96952 96951 91b115 96953 91b1d8 96951->96953 96954 91b11f 96951->96954 96952->96944 96956 91b20a GetCurrentDirectoryW 96953->96956 96959 897510 53 API calls 96953->96959 96955 897510 53 API calls 96954->96955 96957 91b130 96955->96957 96958 8afe0b 22 API calls 96956->96958 96961 897620 22 API calls 96957->96961 96962 91b22f GetCurrentDirectoryW 96958->96962 96960 91b1ef 96959->96960 96963 897620 22 API calls 96960->96963 96964 91b13a 96961->96964 96965 91b23c 96962->96965 96966 91b1f9 _wcslen 96963->96966 96967 897510 53 API calls 96964->96967 96969 91b275 96965->96969 97060 899c6e 22 API calls 96965->97060 96966->96956 96966->96969 96968 91b14b 96967->96968 96970 897620 22 API calls 96968->96970 96974 91b287 96969->96974 96975 91b28b 96969->96975 96972 91b155 96970->96972 96976 897510 53 API calls 96972->96976 96973 91b255 97061 899c6e 22 API calls 96973->97061 96984 91b2f8 96974->96984 96985 91b39a CreateProcessW 96974->96985 97063 9007c0 10 API calls 96975->97063 96979 91b166 96976->96979 96981 897620 22 API calls 96979->96981 96980 91b265 97062 899c6e 22 API calls 96980->97062 96986 91b170 96981->96986 96983 91b294 97064 9006e6 10 API calls 96983->97064 97066 8f11c8 39 
API calls 96984->97066 97024 91b32f _wcslen 96985->97024 96990 91b1a6 GetSystemDirectoryW 96986->96990 96994 897510 53 API calls 96986->96994 96989 91b2fd 96992 91b323 96989->96992 96993 91b32a 96989->96993 96996 8afe0b 22 API calls 96990->96996 96991 91b2aa 97065 9005a7 8 API calls 96991->97065 97067 8f1201 128 API calls 2 library calls 96992->97067 97068 8f14ce 6 API calls 96993->97068 96998 91b187 96994->96998 97001 91b1cb GetSystemDirectoryW 96996->97001 97003 897620 22 API calls 96998->97003 97000 91b2d0 97000->96974 97001->96965 97002 91b328 97002->97024 97004 91b191 _wcslen 97003->97004 97004->96965 97004->96990 97005 91b3d6 GetLastError 97014 91b41a 97005->97014 97006 91b42f CloseHandle 97007 91b43f 97006->97007 97015 91b49a 97006->97015 97009 91b451 97007->97009 97010 91b446 CloseHandle 97007->97010 97012 91b463 97009->97012 97013 91b458 CloseHandle 97009->97013 97010->97009 97011 91b4a6 97011->97014 97016 91b475 97012->97016 97017 91b46a CloseHandle 97012->97017 97013->97012 97052 900175 97014->97052 97015->97011 97021 91b4d2 CloseHandle 97015->97021 97069 9009d9 34 API calls 97016->97069 97017->97016 97020 91b486 97070 91b536 25 API calls 97020->97070 97021->97014 97024->97005 97024->97006 97026 897522 97025->97026 97027 897525 97025->97027 97048 897620 97026->97048 97028 89755b 97027->97028 97029 89752d 97027->97029 97031 8d50f6 97028->97031 97034 89756d 97028->97034 97040 8d500f 97028->97040 97071 8b51c6 26 API calls 97029->97071 97074 8b5183 26 API calls 97031->97074 97032 89753d 97038 8afddb 22 API calls 97032->97038 97072 8afb21 51 API calls 97034->97072 97035 8d510e 97035->97035 97039 897547 97038->97039 97041 899cb3 22 API calls 97039->97041 97042 8afe0b 22 API calls 97040->97042 97047 8d5088 97040->97047 97041->97026 97043 8d5058 97042->97043 97044 8afddb 22 API calls 97043->97044 97045 8d507f 97044->97045 97046 899cb3 22 API calls 97045->97046 97046->97047 97073 8afb21 51 API calls 97047->97073 97049 89762a _wcslen 97048->97049 97050 8afe0b 22 
API calls 97049->97050 97051 89763f 97050->97051 97051->96951 97075 90030f 97052->97075 97056 89b578 97055->97056 97057 89b57f 97055->97057 97056->97057 97088 8b62d1 39 API calls _strftime 97056->97088 97057->96940 97059 89b5c2 97059->96940 97060->96973 97061->96980 97062->96969 97063->96983 97064->96991 97065->97000 97066->96989 97067->97002 97068->97024 97069->97020 97070->97015 97071->97032 97072->97032 97073->97031 97074->97035 97076 900321 CloseHandle 97075->97076 97077 900329 97075->97077 97076->97077 97078 900336 97077->97078 97079 90032e CloseHandle 97077->97079 97080 900343 97078->97080 97081 90033b CloseHandle 97078->97081 97079->97078 97082 900350 97080->97082 97083 900348 CloseHandle 97080->97083 97081->97080 97084 900355 CloseHandle 97082->97084 97085 90035d 97082->97085 97083->97082 97084->97085 97086 900362 CloseHandle 97085->97086 97087 90017d 97085->97087 97086->97087 97087->96890 97088->97059 97090 8fdbdc GetFileAttributesW 97089->97090 97091 8fdc06 97089->97091 97090->97091 97092 8fdbe8 FindFirstFileW 97090->97092 97091->96912 97092->97091 97093 8fdbf9 FindClose 97092->97093 97093->97091 97095 89aceb 23 API calls 97094->97095 97096 922af3 97095->97096 97097 922aff 97096->97097 97098 922b1d 97096->97098 97099 897510 53 API calls 97097->97099 97100 896b57 22 API calls 97098->97100 97101 922b0c 97099->97101 97102 922b1b 97100->97102 97101->97102 97104 89a8c7 22 API calls __fread_nolock 97101->97104 97102->96915 97104->97102 97106 8a0206 97105->97106 97121 8a027e 97105->97121 97107 8e5411 97106->97107 97108 8a0213 97106->97108 97191 917b7e 348 API calls 2 library calls 97107->97191 97115 8a021d 97108->97115 97116 8e5435 97108->97116 97110 8e5405 97190 90359c 82 API calls __wsopen_s 97110->97190 97112 8e5466 97117 8e5493 97112->97117 97118 8e5471 97112->97118 97113 89ec40 348 API calls 97113->97121 97165 8a0230 messages 97115->97165 97196 89a8c7 22 API calls __fread_nolock 97115->97196 97116->97112 97120 8e544d 97116->97120 97173 915689 97117->97173 
97193 917b7e 348 API calls 2 library calls 97118->97193 97119 8a0405 97119->96748 97192 90359c 82 API calls __wsopen_s 97120->97192 97121->97113 97121->97119 97128 8e51b9 97121->97128 97139 8a03f9 97121->97139 97145 8a0344 97121->97145 97149 8e51ce messages 97121->97149 97155 8a03b2 messages 97121->97155 97126 8e5332 97126->97165 97189 89a8c7 22 API calls __fread_nolock 97126->97189 97186 90359c 82 API calls __wsopen_s 97128->97186 97131 8e568a 97134 8e56c0 97131->97134 97198 917771 67 API calls 97131->97198 97132 8e5532 97194 901119 22 API calls 97132->97194 97138 89aceb 23 API calls 97134->97138 97136 8e5668 97140 897510 53 API calls 97136->97140 97160 8a0273 messages 97138->97160 97139->97119 97185 90359c 82 API calls __wsopen_s 97139->97185 97156 8e5670 _wcslen 97140->97156 97141 8e54b9 97180 900acc 97141->97180 97142 8e569e 97147 897510 53 API calls 97142->97147 97145->97139 97184 8a04f0 22 API calls 97145->97184 97159 8e56a6 _wcslen 97147->97159 97148 8e5544 97195 89a673 22 API calls 97148->97195 97149->97155 97149->97160 97187 90359c 82 API calls __wsopen_s 97149->97187 97150 8a03a5 97150->97139 97150->97155 97154 8e554d 97162 900acc 22 API calls 97154->97162 97155->97110 97155->97126 97155->97160 97155->97165 97188 8aa308 348 API calls 97155->97188 97156->97131 97158 89aceb 23 API calls 97156->97158 97157 8a1310 348 API calls 97157->97165 97158->97131 97159->97134 97161 89aceb 23 API calls 97159->97161 97160->96748 97161->97134 97163 8e5566 97162->97163 97164 89bf40 348 API calls 97163->97164 97164->97165 97165->97131 97165->97160 97197 917632 54 API calls __wsopen_s 97165->97197 97166->96748 97167->96754 97168->96754 97169->96754 97170->96754 97171->96744 97172->96754 97174 9156a4 97173->97174 97179 8e549e 97173->97179 97175 8afe0b 22 API calls 97174->97175 97177 9156c6 97175->97177 97176 8afddb 22 API calls 97176->97177 97177->97176 97177->97179 97199 900a59 97177->97199 97179->97132 97179->97141 97181 900ada 97180->97181 97183 8e54e3 97180->97183 97182 
8afddb 22 API calls 97181->97182 97181->97183 97182->97183 97183->97157 97184->97150 97185->97160 97186->97149 97187->97155 97188->97155 97189->97165 97190->97107 97191->97165 97192->97160 97193->97165 97194->97148 97195->97154 97196->97165 97197->97136 97198->97142 97200 900a7a 97199->97200 97201 8afddb 22 API calls 97200->97201 97202 900a85 97200->97202 97201->97202 97202->97177 97208 8fdf02 97203->97208 97204 8fdf19 97213 8b62fb 39 API calls _strftime 97204->97213 97207 8fdf1f 97207->96779 97208->97204 97208->97207 97212 8b63b2 GetStringTypeW _strftime 97208->97212 97209->96779 97210->96779 97211->96779 97212->97208 97213->97207 97214 8c8402 97219 8c81be 97214->97219 97218 8c842a 97224 8c81ef try_get_first_available_module 97219->97224 97221 8c83ee 97238 8c27ec 26 API calls pre_c_initialization 97221->97238 97223 8c8343 97223->97218 97231 8d0984 97223->97231 97230 8c8338 97224->97230 97234 8b8e0b 40 API calls 2 library calls 97224->97234 97226 8c838c 97226->97230 97235 8b8e0b 40 API calls 2 library calls 97226->97235 97228 8c83ab 97228->97230 97236 8b8e0b 40 API calls 2 library calls 97228->97236 97230->97223 97237 8bf2d9 20 API calls _abort 97230->97237 97239 8d0081 97231->97239 97233 8d099f 97233->97218 97234->97226 97235->97228 97236->97230 97237->97221 97238->97223 97240 8d008d ___scrt_is_nonwritable_in_current_image 97239->97240 97241 8d009b 97240->97241 97244 8d00d4 97240->97244 97297 8bf2d9 20 API calls _abort 97241->97297 97243 8d00a0 97298 8c27ec 26 API calls pre_c_initialization 97243->97298 97250 8d065b 97244->97250 97249 8d00aa __fread_nolock 97249->97233 97300 8d042f 97250->97300 97253 8d068d 97332 8bf2c6 20 API calls _abort 97253->97332 97254 8d06a6 97318 8c5221 97254->97318 97257 8d06ab 97258 8d06cb 97257->97258 97259 8d06b4 97257->97259 97331 8d039a CreateFileW 97258->97331 97334 8bf2c6 20 API calls _abort 97259->97334 97263 8d00f8 97299 8d0121 LeaveCriticalSection __wsopen_s 97263->97299 97264 8d06b9 97335 8bf2d9 20 API calls _abort 97264->97335 
97266 8d0781 GetFileType 97269 8d078c GetLastError 97266->97269 97270 8d07d3 97266->97270 97267 8d0692 97333 8bf2d9 20 API calls _abort 97267->97333 97268 8d0756 GetLastError 97337 8bf2a3 20 API calls 2 library calls 97268->97337 97338 8bf2a3 20 API calls 2 library calls 97269->97338 97340 8c516a 21 API calls 3 library calls 97270->97340 97271 8d0704 97271->97266 97271->97268 97336 8d039a CreateFileW 97271->97336 97274 8d079a CloseHandle 97274->97267 97276 8d07c3 97274->97276 97339 8bf2d9 20 API calls _abort 97276->97339 97278 8d0749 97278->97266 97278->97268 97280 8d07f4 97282 8d0840 97280->97282 97341 8d05ab 72 API calls 4 library calls 97280->97341 97281 8d07c8 97281->97267 97286 8d086d 97282->97286 97342 8d014d 72 API calls 4 library calls 97282->97342 97285 8d0866 97285->97286 97287 8d087e 97285->97287 97343 8c86ae 97286->97343 97287->97263 97289 8d08fc CloseHandle 97287->97289 97358 8d039a CreateFileW 97289->97358 97291 8d0927 97292 8d0931 GetLastError 97291->97292 97293 8d095d 97291->97293 97359 8bf2a3 20 API calls 2 library calls 97292->97359 97293->97263 97295 8d093d 97360 8c5333 21 API calls 3 library calls 97295->97360 97297->97243 97298->97249 97299->97249 97301 8d046a 97300->97301 97302 8d0450 97300->97302 97361 8d03bf 97301->97361 97302->97301 97368 8bf2d9 20 API calls _abort 97302->97368 97305 8d045f 97369 8c27ec 26 API calls pre_c_initialization 97305->97369 97307 8d04a2 97308 8d04d1 97307->97308 97370 8bf2d9 20 API calls _abort 97307->97370 97309 8d0524 97308->97309 97372 8bd70d 26 API calls 2 library calls 97308->97372 97309->97253 97309->97254 97312 8d051f 97312->97309 97314 8d059e 97312->97314 97313 8d04c6 97371 8c27ec 26 API calls pre_c_initialization 97313->97371 97373 8c27fc 11 API calls _abort 97314->97373 97317 8d05aa 97319 8c522d ___scrt_is_nonwritable_in_current_image 97318->97319 97376 8c2f5e EnterCriticalSection 97319->97376 97321 8c5234 97322 8c5259 97321->97322 97327 8c52c7 EnterCriticalSection 97321->97327 97330 8c527b 97321->97330 
97380 8c5000 97322->97380 97325 8c52a4 __fread_nolock 97325->97257 97328 8c52d4 LeaveCriticalSection 97327->97328 97327->97330 97328->97321 97377 8c532a 97330->97377 97331->97271 97332->97267 97333->97263 97334->97264 97335->97267 97336->97278 97337->97267 97338->97274 97339->97281 97340->97280 97341->97282 97342->97285 97406 8c53c4 97343->97406 97345 8c86c4 97419 8c5333 21 API calls 3 library calls 97345->97419 97346 8c86be 97346->97345 97347 8c86f6 97346->97347 97349 8c53c4 __wsopen_s 26 API calls 97346->97349 97347->97345 97350 8c53c4 __wsopen_s 26 API calls 97347->97350 97352 8c86ed 97349->97352 97353 8c8702 CloseHandle 97350->97353 97351 8c871c 97354 8c873e 97351->97354 97420 8bf2a3 20 API calls 2 library calls 97351->97420 97355 8c53c4 __wsopen_s 26 API calls 97352->97355 97353->97345 97356 8c870e GetLastError 97353->97356 97354->97263 97355->97347 97356->97345 97358->97291 97359->97295 97360->97293 97363 8d03d7 97361->97363 97362 8d03f2 97362->97307 97363->97362 97374 8bf2d9 20 API calls _abort 97363->97374 97365 8d0416 97375 8c27ec 26 API calls pre_c_initialization 97365->97375 97367 8d0421 97367->97307 97368->97305 97369->97301 97370->97313 97371->97308 97372->97312 97373->97317 97374->97365 97375->97367 97376->97321 97388 8c2fa6 LeaveCriticalSection 97377->97388 97379 8c5331 97379->97325 97389 8c4c7d 97380->97389 97382 8c501f 97397 8c29c8 97382->97397 97384 8c5012 97384->97382 97396 8c3405 11 API calls 2 library calls 97384->97396 97385 8c5071 97385->97330 97387 8c5147 EnterCriticalSection 97385->97387 97387->97330 97388->97379 97390 8c4c8a _abort 97389->97390 97391 8c4cca 97390->97391 97392 8c4cb5 RtlAllocateHeap 97390->97392 97403 8b4ead 7 API calls 2 library calls 97390->97403 97404 8bf2d9 20 API calls _abort 97391->97404 97392->97390 97394 8c4cc8 97392->97394 97394->97384 97396->97384 97398 8c29fc _free 97397->97398 97399 8c29d3 RtlFreeHeap 97397->97399 97398->97385 97399->97398 97400 8c29e8 97399->97400 97405 8bf2d9 20 API calls _abort 97400->97405 
97402 8c29ee GetLastError 97402->97398 97403->97390 97404->97394 97405->97402 97407 8c53e6 97406->97407 97408 8c53d1 97406->97408 97412 8c540b 97407->97412 97423 8bf2c6 20 API calls _abort 97407->97423 97421 8bf2c6 20 API calls _abort 97408->97421 97411 8c53d6 97422 8bf2d9 20 API calls _abort 97411->97422 97412->97346 97413 8c5416 97424 8bf2d9 20 API calls _abort 97413->97424 97416 8c53de 97416->97346 97417 8c541e 97425 8c27ec 26 API calls pre_c_initialization 97417->97425 97419->97351 97420->97354 97421->97411 97422->97416 97423->97413 97424->97417 97425->97416 97426 8d2402 97429 891410 97426->97429 97430 8d24b8 DestroyWindow 97429->97430 97431 89144f mciSendStringW 97429->97431 97443 8d24c4 97430->97443 97432 89146b 97431->97432 97433 8916c6 97431->97433 97434 891479 97432->97434 97432->97443 97433->97432 97435 8916d5 UnregisterHotKey 97433->97435 97462 89182e 97434->97462 97435->97433 97437 8d24d8 97437->97443 97468 896246 CloseHandle 97437->97468 97438 8d24e2 FindClose 97438->97443 97440 8d2509 97444 8d252d 97440->97444 97445 8d251c FreeLibrary 97440->97445 97442 89148e 97442->97444 97452 89149c 97442->97452 97443->97437 97443->97438 97443->97440 97446 8d2541 VirtualFree 97444->97446 97453 891509 97444->97453 97445->97440 97446->97444 97447 8914f8 CoUninitialize 97447->97453 97448 8d2589 97455 8d2598 messages 97448->97455 97469 9032eb 6 API calls messages 97448->97469 97449 891514 97450 891524 97449->97450 97466 891944 VirtualFreeEx CloseHandle 97450->97466 97452->97447 97453->97448 97453->97449 97458 8d2627 97455->97458 97470 8f64d4 22 API calls messages 97455->97470 97457 89153a 97457->97455 97459 89161f 97457->97459 97458->97458 97459->97458 97467 891876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 97459->97467 97461 8916c1 97463 89183b 97462->97463 97464 891480 97463->97464 97471 8f702a 22 API calls 97463->97471 97464->97440 97464->97442 97466->97457 97467->97461 97468->97437 97469->97448 97470->97455 97471->97463 98269 8b03fb 
98270 8b0407 ___scrt_is_nonwritable_in_current_image 98269->98270 98298 8afeb1 98270->98298 98272 8b040e 98273 8b0561 98272->98273 98276 8b0438 98272->98276 98328 8b083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 98273->98328 98275 8b0568 98321 8b4e52 98275->98321 98286 8b0477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 98276->98286 98309 8c247d 98276->98309 98283 8b0457 98289 8b04d8 98286->98289 98324 8b4e1a 38 API calls 3 library calls 98286->98324 98288 8b04de 98290 8b04f3 98288->98290 98317 8b0959 98289->98317 98325 8b0992 GetModuleHandleW 98290->98325 98292 8b04fa 98292->98275 98293 8b04fe 98292->98293 98294 8b0507 98293->98294 98326 8b4df5 28 API calls _abort 98293->98326 98327 8b0040 13 API calls 2 library calls 98294->98327 98297 8b050f 98297->98283 98299 8afeba 98298->98299 98330 8b0698 IsProcessorFeaturePresent 98299->98330 98301 8afec6 98331 8b2c94 10 API calls 3 library calls 98301->98331 98303 8afecb 98308 8afecf 98303->98308 98332 8c2317 98303->98332 98306 8afee6 98306->98272 98308->98272 98312 8c2494 98309->98312 98310 8b0a8c _ValidateLocalCookies 5 API calls 98311 8b0451 98310->98311 98311->98283 98313 8c2421 98311->98313 98312->98310 98316 8c2450 98313->98316 98314 8b0a8c _ValidateLocalCookies 5 API calls 98315 8c2479 98314->98315 98315->98286 98316->98314 98383 8b2340 98317->98383 98320 8b097f 98320->98288 98385 8b4bcf 98321->98385 98324->98289 98325->98292 98326->98294 98327->98297 98328->98275 98330->98301 98331->98303 98336 8cd1f6 98332->98336 98335 8b2cbd 8 API calls 3 library calls 98335->98308 98337 8cd213 98336->98337 98340 8cd20f 98336->98340 98337->98340 98342 8c4bfb 98337->98342 98339 8afed8 98339->98306 98339->98335 98354 8b0a8c 98340->98354 98343 8c4c07 ___scrt_is_nonwritable_in_current_image 98342->98343 98361 8c2f5e EnterCriticalSection 98343->98361 98345 8c4c0e 98362 8c50af 98345->98362 98347 8c4c1d 98353 8c4c2c 98347->98353 98375 8c4a8f 
29 API calls 98347->98375 98350 8c4c3d __fread_nolock 98350->98337 98351 8c4c27 98376 8c4b45 GetStdHandle GetFileType 98351->98376 98377 8c4c48 LeaveCriticalSection _abort 98353->98377 98355 8b0a97 IsProcessorFeaturePresent 98354->98355 98356 8b0a95 98354->98356 98358 8b0c5d 98355->98358 98356->98339 98382 8b0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 98358->98382 98360 8b0d40 98360->98339 98361->98345 98363 8c50bb ___scrt_is_nonwritable_in_current_image 98362->98363 98364 8c50df 98363->98364 98365 8c50c8 98363->98365 98378 8c2f5e EnterCriticalSection 98364->98378 98379 8bf2d9 20 API calls _abort 98365->98379 98368 8c50cd 98380 8c27ec 26 API calls pre_c_initialization 98368->98380 98370 8c5117 98381 8c513e LeaveCriticalSection _abort 98370->98381 98371 8c50d7 __fread_nolock 98371->98347 98372 8c50eb 98372->98370 98374 8c5000 __wsopen_s 21 API calls 98372->98374 98374->98372 98375->98351 98376->98353 98377->98350 98378->98372 98379->98368 98380->98371 98381->98371 98382->98360 98384 8b096c GetStartupInfoW 98383->98384 98384->98320 98386 8b4bdb _unexpected 98385->98386 98387 8b4be2 98386->98387 98388 8b4bf4 98386->98388 98424 8b4d29 GetModuleHandleW 98387->98424 98409 8c2f5e EnterCriticalSection 98388->98409 98391 8b4be7 98391->98388 98425 8b4d6d GetModuleHandleExW 98391->98425 98392 8b4c99 98413 8b4cd9 98392->98413 98395 8b4c70 98400 8b4c88 98395->98400 98404 8c2421 _abort 5 API calls 98395->98404 98398 8b4ce2 98433 8d1d29 5 API calls _ValidateLocalCookies 98398->98433 98399 8b4cb6 98416 8b4ce8 98399->98416 98405 8c2421 _abort 5 API calls 98400->98405 98404->98400 98405->98392 98406 8b4bfb 98406->98392 98406->98395 98410 8c21a8 98406->98410 98409->98406 98434 8c1ee1 98410->98434 98453 8c2fa6 LeaveCriticalSection 98413->98453 98415 8b4cb2 98415->98398 98415->98399 98454 8c360c 98416->98454 98419 8b4d16 98422 8b4d6d _abort 8 API calls 98419->98422 98420 8b4cf6 GetPEB 98420->98419 98421 8b4d06 GetCurrentProcess 
TerminateProcess 98420->98421 98421->98419 98423 8b4d1e ExitProcess 98422->98423 98424->98391 98426 8b4dba 98425->98426 98427 8b4d97 GetProcAddress 98425->98427 98429 8b4dc9 98426->98429 98430 8b4dc0 FreeLibrary 98426->98430 98428 8b4dac 98427->98428 98428->98426 98431 8b0a8c _ValidateLocalCookies 5 API calls 98429->98431 98430->98429 98432 8b4bf3 98431->98432 98432->98388 98437 8c1e90 98434->98437 98436 8c1f05 98436->98395 98438 8c1e9c ___scrt_is_nonwritable_in_current_image 98437->98438 98445 8c2f5e EnterCriticalSection 98438->98445 98440 8c1eaa 98446 8c1f31 98440->98446 98444 8c1ec8 __fread_nolock 98444->98436 98445->98440 98447 8c1f51 98446->98447 98450 8c1f59 98446->98450 98448 8b0a8c _ValidateLocalCookies 5 API calls 98447->98448 98449 8c1eb7 98448->98449 98452 8c1ed5 LeaveCriticalSection _abort 98449->98452 98450->98447 98451 8c29c8 _free 20 API calls 98450->98451 98451->98447 98452->98444 98453->98415 98455 8c3627 98454->98455 98456 8c3631 98454->98456 98458 8b0a8c _ValidateLocalCookies 5 API calls 98455->98458 98461 8c2fd7 5 API calls 2 library calls 98456->98461 98459 8b4cf2 98458->98459 98459->98419 98459->98420 98460 8c3648 98460->98455 98461->98460 97472 891098 97477 8942de 97472->97477 97476 8910a7 97478 89a961 22 API calls 97477->97478 97479 8942f5 GetVersionExW 97478->97479 97480 896b57 22 API calls 97479->97480 97481 894342 97480->97481 97482 8993b2 22 API calls 97481->97482 97485 894378 97481->97485 97483 89436c 97482->97483 97498 8937a0 97483->97498 97486 89441b GetCurrentProcess IsWow64Process 97485->97486 97490 8d37df 97485->97490 97487 894437 97486->97487 97488 89444f LoadLibraryA 97487->97488 97489 8d3824 GetSystemInfo 97487->97489 97491 89449c GetSystemInfo 97488->97491 97492 894460 GetProcAddress 97488->97492 97493 894476 97491->97493 97492->97491 97494 894470 GetNativeSystemInfo 97492->97494 97495 89447a FreeLibrary 97493->97495 97496 89109d 97493->97496 97494->97493 97495->97496 97497 8b00a3 29 API calls __onexit 97496->97497 97497->97476 
97499 8937ae 97498->97499 97500 8993b2 22 API calls 97499->97500 97501 8937c2 97500->97501 97501->97485 97502 8ed79f 97507 893b1c 97502->97507 97504 8ed7bf 97514 899c6e 22 API calls 97504->97514 97506 8ed7ef 97506->97506 97508 893b8c 97507->97508 97509 893b29 97507->97509 97508->97504 97509->97508 97510 893b30 RegOpenKeyExW 97509->97510 97510->97508 97511 893b4a RegQueryValueExW 97510->97511 97512 893b6b 97511->97512 97513 893b80 RegCloseKey 97511->97513 97512->97513 97513->97508 97514->97506 97515 8ed35f 97516 8ed30c 97515->97516 97519 8fdf27 SHGetFolderPathW 97516->97519 97520 896b57 22 API calls 97519->97520 97521 8ed315 97520->97521 97522 8af698 97523 8af6a2 97522->97523 97524 8af6c3 97522->97524 97531 89af8a 97523->97531 97530 8ef2f8 97524->97530 97539 8f4d4a 22 API calls messages 97524->97539 97526 8af6b2 97528 89af8a 22 API calls 97526->97528 97529 8af6c2 97528->97529 97532 89af98 97531->97532 97538 89afc0 messages 97531->97538 97533 89afa6 97532->97533 97534 89af8a 22 API calls 97532->97534 97535 89afac 97533->97535 97536 89af8a 22 API calls 97533->97536 97534->97533 97535->97538 97540 89b090 97535->97540 97536->97535 97538->97526 97539->97524 97541 89b09b messages 97540->97541 97542 89b0d6 messages 97541->97542 97544 8ace17 22 API calls messages 97541->97544 97542->97538 97544->97542 97545 89105b 97550 89344d 97545->97550 97547 89106a 97581 8b00a3 29 API calls __onexit 97547->97581 97549 891074 97551 89345d __wsopen_s 97550->97551 97552 89a961 22 API calls 97551->97552 97553 893513 97552->97553 97582 893a5a 97553->97582 97555 89351c 97589 893357 97555->97589 97562 89a961 22 API calls 97563 89354d 97562->97563 97610 89a6c3 97563->97610 97566 8d3176 RegQueryValueExW 97567 8d320c RegCloseKey 97566->97567 97568 8d3193 97566->97568 97570 893578 97567->97570 97580 8d321e _wcslen 97567->97580 97569 8afe0b 22 API calls 97568->97569 97571 8d31ac 97569->97571 97570->97547 97616 895722 97571->97616 97574 894c6d 22 API calls 97574->97580 97575 8d31d4 97576 896b57 22 
API calls 97575->97576 97577 8d31ee messages 97576->97577 97577->97567 97578 899cb3 22 API calls 97578->97580 97579 89515f 22 API calls 97579->97580 97580->97570 97580->97574 97580->97578 97580->97579 97581->97549 97619 8d1f50 97582->97619 97585 899cb3 22 API calls 97586 893a8d 97585->97586 97621 893aa2 97586->97621 97588 893a97 97588->97555 97590 8d1f50 __wsopen_s 97589->97590 97591 893364 GetFullPathNameW 97590->97591 97592 893386 97591->97592 97593 896b57 22 API calls 97592->97593 97594 8933a4 97593->97594 97595 8933c6 97594->97595 97596 8933dd 97595->97596 97597 8d30bb 97595->97597 97631 8933ee 97596->97631 97599 8afddb 22 API calls 97597->97599 97601 8d30c5 _wcslen 97599->97601 97600 8933e8 97604 89515f 97600->97604 97602 8afe0b 22 API calls 97601->97602 97603 8d30fe __fread_nolock 97602->97603 97605 89516e 97604->97605 97609 89518f __fread_nolock 97604->97609 97607 8afe0b 22 API calls 97605->97607 97606 8afddb 22 API calls 97608 893544 97606->97608 97607->97609 97608->97562 97609->97606 97611 89a6dd 97610->97611 97612 893556 RegOpenKeyExW 97610->97612 97613 8afddb 22 API calls 97611->97613 97612->97566 97612->97570 97614 89a6e7 97613->97614 97615 8afe0b 22 API calls 97614->97615 97615->97612 97617 8afddb 22 API calls 97616->97617 97618 895734 RegQueryValueExW 97617->97618 97618->97575 97618->97577 97620 893a67 GetModuleFileNameW 97619->97620 97620->97585 97622 8d1f50 __wsopen_s 97621->97622 97623 893aaf GetFullPathNameW 97622->97623 97624 893ae9 97623->97624 97625 893ace 97623->97625 97627 89a6c3 22 API calls 97624->97627 97626 896b57 22 API calls 97625->97626 97628 893ada 97626->97628 97627->97628 97629 8937a0 22 API calls 97628->97629 97630 893ae6 97629->97630 97630->97588 97632 8933fe _wcslen 97631->97632 97633 8d311d 97632->97633 97634 893411 97632->97634 97635 8afddb 22 API calls 97633->97635 97641 89a587 97634->97641 97637 8d3127 97635->97637 97639 8afe0b 22 API calls 97637->97639 97638 89341e __fread_nolock 97638->97600 97640 8d3157 __fread_nolock 
97639->97640 97642 89a598 __fread_nolock 97641->97642 97643 89a59d 97641->97643 97642->97638 97644 8df80f 97643->97644 97645 8afe0b 22 API calls 97643->97645 97645->97642 97646 8ed29a 97649 8fde27 WSAStartup 97646->97649 97648 8ed2a5 97650 8fde50 gethostname gethostbyname 97649->97650 97651 8fdee6 97649->97651 97650->97651 97652 8fde73 __fread_nolock 97650->97652 97651->97648 97653 8fdea5 inet_ntoa 97652->97653 97657 8fde87 97652->97657 97655 8fdebe _strcat 97653->97655 97654 8fdede WSACleanup 97654->97651 97658 8febd1 97655->97658 97657->97654 97659 8fec37 97658->97659 97661 8febe0 _strlen 97658->97661 97659->97657 97660 8febef MultiByteToWideChar 97660->97659 97662 8fec04 97660->97662 97661->97660 97663 8afe0b 22 API calls 97662->97663 97664 8fec20 MultiByteToWideChar 97663->97664 97664->97659 98462 8ed27a GetUserNameW 98463 8ed292 98462->98463 98463->98463 98464 89defc 98467 891d6f 98464->98467 98466 89df07 98468 891d8c 98467->98468 98469 891f6f 348 API calls 98468->98469 98470 891da6 98469->98470 98471 8d2759 98470->98471 98473 891e36 98470->98473 98474 891dc2 98470->98474 98477 90359c 82 API calls __wsopen_s 98471->98477 98473->98466 98474->98473 98476 89289a 23 API calls 98474->98476 98476->98473 98477->98473 98478 891033 98483 894c91 98478->98483 98482 891042 98484 89a961 22 API calls 98483->98484 98485 894cff 98484->98485 98491 893af0 98485->98491 98488 894d9c 98489 891038 98488->98489 98494 8951f7 22 API calls __fread_nolock 98488->98494 98490 8b00a3 29 API calls __onexit 98489->98490 98490->98482 98492 893b1c 3 API calls 98491->98492 98493 893b0f 98492->98493 98493->98488 98494->98488 98495 89fe73 98502 8aceb1 98495->98502 98497 89fe89 98511 8acf92 98497->98511 98499 89feb3 98523 90359c 82 API calls __wsopen_s 98499->98523 98501 8e4ab8 98503 8acebf 98502->98503 98504 8aced2 98502->98504 98505 89aceb 23 API calls 98503->98505 98506 8aced7 98504->98506 98507 8acf05 98504->98507 98510 8acec9 98505->98510 98508 8afddb 22 API calls 98506->98508 98509 89aceb 23 
API calls 98507->98509 98508->98510 98509->98510 98510->98497 98512 896270 22 API calls 98511->98512 98513 8acfc9 98512->98513 98514 899cb3 22 API calls 98513->98514 98516 8acffa 98513->98516 98515 8ed166 98514->98515 98524 896350 22 API calls 98515->98524 98516->98499 98518 8ed171 98525 8ad2f0 40 API calls 98518->98525 98520 8ed184 98521 89aceb 23 API calls 98520->98521 98522 8ed188 98520->98522 98521->98522 98522->98522 98523->98501 98524->98518 98525->98520 97665 8ed255 97666 8ed275 97665->97666 97667 893b1c 3 API calls 97665->97667 97667->97666 98526 8e3f75 98527 8aceb1 23 API calls 98526->98527 98528 8e3f8b 98527->98528 98529 8e4006 98528->98529 98537 8ae300 23 API calls 98528->98537 98532 89bf40 348 API calls 98529->98532 98531 8e3fe6 98534 8e4052 98531->98534 98538 901abf 22 API calls 98531->98538 98532->98534 98535 8e4a88 98534->98535 98539 90359c 82 API calls __wsopen_s 98534->98539 98537->98531 98538->98529 98539->98535 98540 892e37 98541 89a961 22 API calls 98540->98541 98542 892e4d 98541->98542 98619 894ae3 98542->98619 98544 892e6b 98545 893a5a 24 API calls 98544->98545 98546 892e7f 98545->98546 98547 899cb3 22 API calls 98546->98547 98548 892e8c 98547->98548 98549 894ecb 94 API calls 98548->98549 98550 892ea5 98549->98550 98551 8d2cb0 98550->98551 98553 892ead 98550->98553 98552 902cf9 80 API calls 98551->98552 98554 8d2cc3 98552->98554 98633 89a8c7 22 API calls __fread_nolock 98553->98633 98556 8d2ccf 98554->98556 98558 894f39 68 API calls 98554->98558 98560 894f39 68 API calls 98556->98560 98557 892ec3 98634 896f88 22 API calls 98557->98634 98558->98556 98562 8d2ce5 98560->98562 98561 892ecf 98563 899cb3 22 API calls 98561->98563 98651 893084 22 API calls 98562->98651 98564 892edc 98563->98564 98635 89a81b 41 API calls 98564->98635 98567 892eec 98569 899cb3 22 API calls 98567->98569 98568 8d2d02 98652 893084 22 API calls 98568->98652 98571 892f12 98569->98571 98636 89a81b 41 API calls 98571->98636 98572 8d2d1e 98574 893a5a 24 API calls 98572->98574 
98576 8d2d44 98574->98576 98575 892f21 98579 89a961 22 API calls 98575->98579 98653 893084 22 API calls 98576->98653 98578 8d2d50 98654 89a8c7 22 API calls __fread_nolock 98578->98654 98581 892f3f 98579->98581 98637 893084 22 API calls 98581->98637 98582 8d2d5e 98655 893084 22 API calls 98582->98655 98585 892f4b 98638 8b4a28 40 API calls 3 library calls 98585->98638 98586 8d2d6d 98656 89a8c7 22 API calls __fread_nolock 98586->98656 98588 892f59 98588->98562 98589 892f63 98588->98589 98639 8b4a28 40 API calls 3 library calls 98589->98639 98592 8d2d83 98657 893084 22 API calls 98592->98657 98593 892f6e 98593->98568 98595 892f78 98593->98595 98640 8b4a28 40 API calls 3 library calls 98595->98640 98596 8d2d90 98598 892f83 98598->98572 98599 892f8d 98598->98599 98641 8b4a28 40 API calls 3 library calls 98599->98641 98601 892f98 98602 892fdc 98601->98602 98642 893084 22 API calls 98601->98642 98602->98586 98603 892fe8 98602->98603 98603->98596 98645 8963eb 22 API calls 98603->98645 98605 892fbf 98643 89a8c7 22 API calls __fread_nolock 98605->98643 98607 892ff8 98646 896a50 22 API calls 98607->98646 98610 892fcd 98644 893084 22 API calls 98610->98644 98611 893006 98647 8970b0 23 API calls 98611->98647 98616 893021 98617 893065 98616->98617 98648 896f88 22 API calls 98616->98648 98649 8970b0 23 API calls 98616->98649 98650 893084 22 API calls 98616->98650 98620 894af0 __wsopen_s 98619->98620 98621 896b57 22 API calls 98620->98621 98622 894b22 98620->98622 98621->98622 98632 894b58 98622->98632 98658 894c6d 98622->98658 98624 894c6d 22 API calls 98624->98632 98625 894c29 98626 899cb3 22 API calls 98625->98626 98627 894c5e 98625->98627 98629 894c52 98626->98629 98627->98544 98628 899cb3 22 API calls 98628->98632 98630 89515f 22 API calls 98629->98630 98630->98627 98631 89515f 22 API calls 98631->98632 98632->98624 98632->98625 98632->98628 98632->98631 98633->98557 98634->98561 98635->98567 98636->98575 98637->98585 98638->98588 98639->98593 98640->98598 98641->98601 
98642->98605 98643->98610 98644->98602 98645->98607 98646->98611 98647->98616 98648->98616 98649->98616 98650->98616 98651->98568 98652->98572 98653->98578 98654->98582 98655->98586 98656->98592 98657->98596 98659 89aec9 22 API calls 98658->98659 98660 894c78 98659->98660 98660->98622 97668 893156 97671 893170 97668->97671 97672 893187 97671->97672 97673 8931eb 97672->97673 97674 89318c 97672->97674 97711 8931e9 97672->97711 97678 8d2dfb 97673->97678 97679 8931f1 97673->97679 97675 893199 97674->97675 97676 893265 PostQuitMessage 97674->97676 97681 8d2e7c 97675->97681 97682 8931a4 97675->97682 97713 89316a 97676->97713 97677 8931d0 DefWindowProcW 97677->97713 97730 8918e2 10 API calls 97678->97730 97683 8931f8 97679->97683 97684 89321d SetTimer RegisterWindowMessageW 97679->97684 97743 8fbf30 34 API calls ___scrt_fastfail 97681->97743 97686 8d2e68 97682->97686 97687 8931ae 97682->97687 97690 8d2d9c 97683->97690 97691 893201 KillTimer 97683->97691 97688 893246 CreatePopupMenu I_RpcFreeBuffer 97684->97688 97684->97713 97685 8d2e1c 97731 8ae499 42 API calls 97685->97731 97720 8fc161 97686->97720 97694 8d2e4d 97687->97694 97695 8931b9 97687->97695 97696 893253 97688->97696 97698 8d2dd7 MoveWindow 97690->97698 97699 8d2da1 97690->97699 97716 8930f2 97691->97716 97694->97677 97742 8f0ad7 22 API calls 97694->97742 97695->97696 97709 8931c4 97695->97709 97728 89326f 44 API calls ___scrt_fastfail 97696->97728 97697 8d2e8e 97697->97677 97697->97713 97698->97713 97702 8d2da7 97699->97702 97703 8d2dc6 SetFocus 97699->97703 97706 8d2db0 97702->97706 97702->97709 97703->97713 97705 893263 97705->97713 97729 8918e2 10 API calls 97706->97729 97709->97677 97712 8930f2 Shell_NotifyIconW 97709->97712 97711->97677 97714 8d2e41 97712->97714 97732 893837 97714->97732 97717 893154 97716->97717 97718 893104 ___scrt_fastfail 97716->97718 97727 893c50 DeleteObject DestroyWindow 97717->97727 97719 893123 Shell_NotifyIconW 97718->97719 97719->97717 97721 8fc179 ___scrt_fastfail 97720->97721 
97722 8fc276 97720->97722 97744 893923 97721->97744 97722->97713 97724 8fc25f KillTimer SetTimer 97724->97722 97725 8fc1a0 97725->97724 97726 8fc251 Shell_NotifyIconW 97725->97726 97726->97724 97727->97713 97728->97705 97729->97713 97730->97685 97731->97709 97733 893862 ___scrt_fastfail 97732->97733 97774 894212 97733->97774 97736 8938e8 97738 8d3386 Shell_NotifyIconW 97736->97738 97739 893906 Shell_NotifyIconW 97736->97739 97740 893923 24 API calls 97739->97740 97741 89391c 97740->97741 97741->97711 97742->97711 97743->97697 97745 89393f 97744->97745 97746 893a13 97744->97746 97766 896270 97745->97766 97746->97725 97749 89395a 97751 896b57 22 API calls 97749->97751 97750 8d3393 LoadStringW 97752 8d33ad 97750->97752 97753 89396f 97751->97753 97760 893994 ___scrt_fastfail 97752->97760 97772 89a8c7 22 API calls __fread_nolock 97752->97772 97754 8d33c9 97753->97754 97755 89397c 97753->97755 97773 896350 22 API calls 97754->97773 97755->97752 97757 893986 97755->97757 97771 896350 22 API calls 97757->97771 97763 8939f9 Shell_NotifyIconW 97760->97763 97761 8d33d7 97761->97760 97762 8933c6 22 API calls 97761->97762 97764 8d33f9 97762->97764 97763->97746 97765 8933c6 22 API calls 97764->97765 97765->97760 97767 8afe0b 22 API calls 97766->97767 97768 896295 97767->97768 97769 8afddb 22 API calls 97768->97769 97770 89394d 97769->97770 97770->97749 97770->97750 97771->97760 97772->97760 97773->97761 97775 8d35a4 97774->97775 97776 8938b7 97774->97776 97775->97776 97777 8d35ad DestroyIcon 97775->97777 97776->97736 97778 8fc874 42 API calls _strftime 97776->97778 97777->97776 97778->97736

Control-flow Graph
control_flow_graph 389 8942de-89434d call 89a961 GetVersionExW call 896b57 394 8d3617-8d362a 389->394 395 894353 389->395 396 8d362b-8d362f 394->396 397 894355-894357 395->397 398 8d3631 396->398 399 8d3632-8d363e 396->399 400 89435d-8943bc call 8993b2 call 8937a0 397->400 401 8d3656 397->401 398->399 399->396 402 8d3640-8d3642 399->402 417 8d37df-8d37e6 400->417 418 8943c2-8943c4 400->418 405 8d365d-8d3660 401->405 402->397 404 8d3648-8d364f 402->404 404->394 408 8d3651 404->408 409 89441b-894435 GetCurrentProcess IsWow64Process 405->409 410 8d3666-8d36a8 405->410 408->401 412 894494-89449a 409->412 413 894437 409->413 410->409 414 8d36ae-8d36b1 410->414 419 89443d-894449 412->419 413->419 415 8d36db-8d36e5 414->415 416 8d36b3-8d36bd 414->416 423 8d36f8-8d3702 415->423 424 8d36e7-8d36f3 415->424 420 8d36bf-8d36c5 416->420 421 8d36ca-8d36d6 416->421 425 8d37e8 417->425 426 8d3806-8d3809 417->426 418->405 422 8943ca-8943dd 418->422 427 89444f-89445e LoadLibraryA 419->427 428 8d3824-8d3828 GetSystemInfo 419->428 420->409 421->409 429 8943e3-8943e5 422->429 430 8d3726-8d372f 422->430 432 8d3715-8d3721 423->432 433 8d3704-8d3710 423->433 424->409 431 8d37ee 425->431 434 8d380b-8d381a 426->434 435 8d37f4-8d37fc 426->435 436 89449c-8944a6 GetSystemInfo 427->436 437 894460-89446e GetProcAddress 427->437 439 8d374d-8d3762 429->439 440 8943eb-8943ee 429->440 441 8d373c-8d3748 430->441 442 8d3731-8d3737 430->442 431->435 432->409 433->409 434->431 443 8d381c-8d3822 434->443 435->426 438 894476-894478 436->438 437->436 444 894470-894474 GetNativeSystemInfo 437->444 449 89447a-89447b FreeLibrary 438->449 450 894481-894493 438->450 447 8d376f-8d377b 439->447 448 8d3764-8d376a 439->448 445 8d3791-8d3794 440->445 446 8943f4-89440f 440->446 441->409 442->409 443->435 444->438 445->409 451 8d379a-8d37c1 445->451 452 894415 446->452 453 8d3780-8d378c 446->453 447->409 448->409 449->450 454 8d37ce-8d37da 451->454 455 8d37c3-8d37c9 451->455 452->409 453->409 454->409 455->409
APIs
• GetVersionExW.KERNEL32(?), ref: 0089430D
  • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
• GetCurrentProcess.KERNEL32(?,0092CB64,00000000,?,?), ref: 00894422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00894429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00894454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00894466
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00894474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0089447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 008944A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: e6e8c91c67a134d179f10efc4d69acff229a1b7af6a45b1ac98273a158b6ebc4
• Instruction ID: f5732391b7f7916f72b4b66045ca8a76db5452a8d05cd77d7685daaebd251d07
• Opcode Fuzzy Hash: e6e8c91c67a134d179f10efc4d69acff229a1b7af6a45b1ac98273a158b6ebc4
• Instruction Fuzzy Hash: 19A1936293E2C4DFCB11EB697C41D997FA4BB36304B0C59AEE043D3B22D2A04545FB66

Control-flow Graph
control_flow_graph 817 8942a2-8942ba CreateStreamOnHGlobal 818 8942da-8942dd 817->818 819 8942bc-8942d3 FindResourceExW 817->819 820 8942d9 819->820 821 8d35ba-8d35c9 LoadResource 819->821 820->818 821->820 822 8d35cf-8d35dd SizeofResource 821->822 822->820 823 8d35e3-8d35ee LockResource 822->823 823->820 824 8d35f4-8d3612 823->824 824->820
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,008950AA,?,?,00000000,00000000), ref: 008942B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,008950AA,?,?,00000000,00000000), ref: 008942C9
• LoadResource.KERNEL32(?,00000000,?,?,008950AA,?,?,00000000,00000000,?,?,?,?,?,?,00894F20), ref: 008D35BE
• SizeofResource.KERNEL32(?,00000000,?,?,008950AA,?,?,00000000,00000000,?,?,?,?,?,?,00894F20), ref: 008D35D3
• LockResource.KERNEL32(008950AA,?,?,008950AA,?,?,00000000,00000000,?,?,?,?,?,?,00894F20,?), ref: 008D35E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                                                                                      • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 722cc31f54d79353c35d48fafb97137e8766c9055d1aa4edd18e36e177c37fe4
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 36c29b97b35ca995d8b41e0a6bf7a53ba96efed019272d22a6b135acb64faace
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 722cc31f54d79353c35d48fafb97137e8766c9055d1aa4edd18e36e177c37fe4
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2117CB0204701BFEB219BA5DC48F2B7BB9FFC5B51F248169B412D6650DBB2D8019620

                                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00892B6B
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00893A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00961418,?,00892E7F,?,?,?,00000000), ref: 00893A78
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(runas,?,?,?,?,?,00952224), ref: 008D2C10
                                                                                                                                                                                                                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000,?,?,00952224), ref: 008D2C17
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: runas
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 448630720-4000483414
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a75f137429ccc6e546cb2b92730b78a10589ef22da7d6d48f967a8a05831debf
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f3c11519cd2310dc535d75e961109951e59dc850bcbb0ce3debd2f867ba52f9b
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a75f137429ccc6e546cb2b92730b78a10589ef22da7d6d48f967a8a05831debf
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D6119D31208305AACF14FF68D8529BE77E4FBA1355F4C042DF582D21A2DF618A0AA713
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 008FD501
                                                                                                                                                                                                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 008FD50F
                                                                                                                                                                                                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 008FD52F
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 008FD5DC
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f7564788a8623a3ced59afcd2ab383a6ecd7bc77a7f37527d27a8fa2b6111f61
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 398ecf5a17fa2f65301f8d9c8fb95b680798aadac7fd1883f329b4a97e9c5771
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f7564788a8623a3ced59afcd2ab383a6ecd7bc77a7f37527d27a8fa2b6111f61
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E318F710083049FD704EF68C881ABEBBE8FF99354F14092DF681C21A1EB61A949CB93
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,008D5222), ref: 008FDBCE
                                                                                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 008FDBDD
                                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 008FDBEE
                                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 008FDBFA
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
• Opcode ID: 476761b6a95da53a900b0d96930a4664c0500f224636899c162111bbe5fa74b5
• Instruction ID: 58b7cc83b7dd4f0e6f5f35d57307f20504169087cedfc18db2ddbe18480dcaab
• Opcode Fuzzy Hash: 476761b6a95da53a900b0d96930a4664c0500f224636899c162111bbe5fa74b5
• Instruction Fuzzy Hash: ABF0A070829A189782306B78AC0E8BE376DEF01334B104702FA76C22E0EBB0995696D5
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
• Opcode ID: 29b5fccc01c1ac0aa2f55ecaf9d58f9d2ce7bc6c0da12847850a498f3443ee6f
• Instruction ID: ff8db162e1a5e97f2d19b51c8341910749e4975a4092f31511a82fa09e5cd8f8
• Opcode Fuzzy Hash: 29b5fccc01c1ac0aa2f55ecaf9d58f9d2ce7bc6c0da12847850a498f3443ee6f
• Instruction Fuzzy Hash: 92D012A180834CE9CB5096E2DC458B9B37CFB0A345F508452FE16E1041D634E50D6761
APIs
• GetCurrentProcess.KERNEL32(008C28E9,?,008B4CBE,008C28E9,009588B8,0000000C,008B4E15,008C28E9,00000002,00000000,?,008C28E9), ref: 008B4D09
• TerminateProcess.KERNEL32(00000000,?,008B4CBE,008C28E9,009588B8,0000000C,008B4E15,008C28E9,00000002,00000000,?,008C28E9), ref: 008B4D10
• ExitProcess.KERNEL32 ref: 008B4D22
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 28bd50e1700a6f1f7fac639b3f9a6f3593eba117f202f37d4265638c44c2efea
• Instruction ID: ac9d2f41ecca913903ecb96a9dd02bd8d3d5196de324e45a7c1de274bfa18a7c
• Opcode Fuzzy Hash: 28bd50e1700a6f1f7fac639b3f9a6f3593eba117f202f37d4265638c44c2efea
• Instruction Fuzzy Hash: 15E0B671014548ABCF21AF58ED0AE993B69FB41795B148418FC05CA223CB35DD52EB84
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 008ED28C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
• Opcode ID: 81dc27d0ea430a67abc2b4e79761d8c45c0193899caadc9d788e710f7a802265
• Instruction ID: f1bc18c6a3619718e1176d6ccd1abae70be427624eee6f39b1df23953b87fc4b
• Opcode Fuzzy Hash: 81dc27d0ea430a67abc2b4e79761d8c45c0193899caadc9d788e710f7a802265
• Instruction Fuzzy Hash: 94D0C9B581521DEACF90CB90DC88DDDB37CFB05309F100151F106E2000D73095499F10

Control-flow Graph

• Executed
• Not Executed
APIs
• _wcslen.LIBCMT ref: 0091B198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0091B1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0091B1D4
• _wcslen.LIBCMT ref: 0091B200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0091B214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0091B236
• _wcslen.LIBCMT ref: 0091B332
  • Part of subcall function 009005A7: GetStdHandle.KERNEL32(000000F6), ref: 009005C6
• _wcslen.LIBCMT ref: 0091B34B
• _wcslen.LIBCMT ref: 0091B366
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0091B3B6
• GetLastError.KERNEL32(00000000), ref: 0091B407
• CloseHandle.KERNEL32(?), ref: 0091B439
• CloseHandle.KERNEL32(00000000), ref: 0091B44A
• CloseHandle.KERNEL32(00000000), ref: 0091B45C
• CloseHandle.KERNEL32(00000000), ref: 0091B46E
• CloseHandle.KERNEL32(?), ref: 0091B4E3
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
• Opcode ID: 868e8d542aeb5293f1b43b41d6d55e6401347108df3d27ee593aea4471b03671
• Instruction ID: e1f57331e3e1e4fb281216a6fb182a54f5d0e609637066d53c2d0d97820a0b4b
• Opcode Fuzzy Hash: 868e8d542aeb5293f1b43b41d6d55e6401347108df3d27ee593aea4471b03671
• Instruction Fuzzy Hash: 54F17D316082449FCB14EF28C891B6EBBE6FF85314F18895DF4959B2A2DB31DC45CB52
APIs
• GetInputState.USER32 ref: 0089D807
• timeGetTime.WINMM ref: 0089DA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0089DB28
• TranslateMessage.USER32(?), ref: 0089DB7B
• DispatchMessageW.USER32(?), ref: 0089DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0089DB9F
• Sleep.KERNEL32(0000000A), ref: 0089DBB1
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
• Opcode ID: 320e0152bdfad6c1976a443df319697fceb579c3e10fdd11eaeacfc0f1e84fac
• Instruction ID: 36f033f7d097c5ddff28991221ac54b62f65b6530414f95ab7a47c321ef7f37a
• Opcode Fuzzy Hash: 320e0152bdfad6c1976a443df319697fceb579c3e10fdd11eaeacfc0f1e84fac
• Instruction Fuzzy Hash: 41420070608345DFDB28EF29C844BAABBE4FF86314F18452DE556C72A1D770E844DB86

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00892D07
• RegisterClassExW.USER32(00000030), ref: 00892D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00892D42
• InitCommonControlsEx.COMCTL32(?), ref: 00892D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00892D6F
• LoadIconW.USER32(000000A9), ref: 00892D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00892D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9d263ce87585318c35fdb3f4c4721c03d40907a3be102a645db3d041058b1559
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d8e75c74054c9b484bf86a0e4b0cc68cda9cbea8fb14f83711172fb8153c22c3
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9d263ce87585318c35fdb3f4c4721c03d40907a3be102a645db3d041058b1559
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5721F4B5D69318AFDB10DFA4EC49BDDBBB8FB08701F04411AF611A62A0D7B10545EF91

APIs
• Part of subcall function 008D039A: CreateFileW.KERNEL32(00000000,00000000,?,008D0704,?,?,00000000,?,008D0704,00000000,0000000C), ref: 008D03B7
• GetLastError.KERNEL32 ref: 008D076F
• __dosmaperr.LIBCMT ref: 008D0776
• GetFileType.KERNEL32(00000000), ref: 008D0782
• GetLastError.KERNEL32 ref: 008D078C
• __dosmaperr.LIBCMT ref: 008D0795
• CloseHandle.KERNEL32(00000000), ref: 008D07B5
• CloseHandle.KERNEL32(?), ref: 008D08FF
• GetLastError.KERNEL32 ref: 008D0931
• __dosmaperr.LIBCMT ref: 008D0938
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 0b574bec533af784935a02d02adb354ff64fc9e2adab930d955f6cdbcf702167
• Instruction ID: 119ccab581df7f2a219d5ea48e8946f6132d39bc56b26764d01f581f0549dd4d
• Opcode Fuzzy Hash: 0b574bec533af784935a02d02adb354ff64fc9e2adab930d955f6cdbcf702167
• Instruction Fuzzy Hash: 8AA1F332A141089FDF19AF68DC91BAE7BA0FB46324F14025EF815DF392D6719812DF92
APIs
• Part of subcall function 00893A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00961418,?,00892E7F,?,?,?,00000000), ref: 00893A78
• Part of subcall function 00893357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00893379
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0089356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 008D318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 008D31CE
• RegCloseKey.ADVAPI32(?), ref: 008D3210
• _wcslen.LIBCMT ref: 008D3277
• _wcslen.LIBCMT ref: 008D3286
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: d9b56311e119415866b1beab0a88321fde302a7e6ce3cbe3bcf7840a9607d6fa
• Instruction ID: 28b2afaf81e98b32615296baf8ab3e6081c5133bae45c7e4f4c5896b4e2a66f0
• Opcode Fuzzy Hash: d9b56311e119415866b1beab0a88321fde302a7e6ce3cbe3bcf7840a9607d6fa
• Instruction Fuzzy Hash: 1571C0714187019EC714EF69EC82C6BBBE8FF95B40F44092EF585C32A0EB708A48DB52
APIs
• GetSysColorBrush.USER32(0000000F), ref: 00892B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00892B9D
• LoadIconW.USER32(00000063), ref: 00892BB3
• LoadIconW.USER32(000000A4), ref: 00892BC5
• LoadIconW.USER32(000000A2), ref: 00892BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00892BEF
                                                                                                                                                                                                                                                                                                                                                                      • RegisterClassExW.USER32(?), ref: 00892C40
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00892CD4: GetSysColorBrush.USER32(0000000F), ref: 00892D07
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00892CD4: RegisterClassExW.USER32(00000030), ref: 00892D31
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00892CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00892D42
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00892CD4: InitCommonControlsEx.COMCTL32(?), ref: 00892D5F
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00892CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00892D6F
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00892CD4: LoadIconW.USER32(000000A9), ref: 00892D85
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00892CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00892D94
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: dae07537430594fac7219fbbffe6d229305b5dbb01ede552acd4727e1e41d7d9
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 23af842c03e8c5830eeea6cdf59829ea097ba2a58d5c38de74b6df0bf62aaab1
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dae07537430594fac7219fbbffe6d229305b5dbb01ede552acd4727e1e41d7d9
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 782109B4E28314ABDB109FA5EC55E9D7FB4FB48B50F48001EE501A67A0D7F14640EF90

                                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0089316A,?,?), ref: 008931D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,0089316A,?,?), ref: 00893204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00893227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0089316A,?,?), ref: 00893232
• CreatePopupMenu.USER32 ref: 00893246
• PostQuitMessage.USER32(00000000), ref: 00893267
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: 85dbc354e9583e27a8944e6655cf7c1c1c7427f6ea821a9dfa50be8d90f465b3
• Instruction ID: 3a6925981b7f8a7f14ad14ecfbbb06f0ac2e985d85b9d33a8cd68b61d3fd401c
• Opcode Fuzzy Hash: 85dbc354e9583e27a8944e6655cf7c1c1c7427f6ea821a9dfa50be8d90f465b3
• Instruction Fuzzy Hash: 1F41F731258208A7DF253BB89D0DB7D375AFB05345F0C012AF512D67B1CBA19A41A7A2

Control-flow Graph

APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00891459
• CoUninitialize.COMBASE ref: 008914F8
• UnregisterHotKey.USER32(?), ref: 008916DD
• DestroyWindow.USER32(?), ref: 008D24B9
• FreeLibrary.KERNEL32(?), ref: 008D251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 008D254B
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID: close all
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 23b5aa4e4092b1e86d475a37809de655bef1ef32506694a14002dc7facba601d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 35e1daf44358ee6d9c0f71aa001b4afc0787b7cc3c33fa547ccbf9e19d044cb7
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23b5aa4e4092b1e86d475a37809de655bef1ef32506694a14002dc7facba601d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CED17A306052128FDF29EF58D899A28F7A4FF15710F1942AEE54AEB352CB30AC12CF51

                                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 793 8fde27-8fde4a WSAStartup 794 8fdee6-8fdef2 call 8b4983 793->794 795 8fde50-8fde71 gethostname gethostbyname 793->795 803 8fdef3-8fdef6 794->803 795->794 796 8fde73-8fde7a 795->796 798 8fde7c-8fde81 796->798 799 8fde83-8fde85 796->799 798->798 798->799 801 8fde87-8fde94 call 8b4983 799->801 802 8fde96-8fdedb call 8b0e20 inet_ntoa call 8bd5f0 call 8febd1 call 8b4983 call 8afe14 799->802 808 8fdede-8fdee4 WSACleanup 801->808 802->808 808->803
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                                                                                                      • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 47b4a75c202011db51ab1c41602f9d303a4b8889d3ed71b822cd2065d3c5976c
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5682750899a8b46527d3474a1d4530eb0cff5e51abe7764d22b7eab4247d3d00
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 47b4a75c202011db51ab1c41602f9d303a4b8889d3ed71b822cd2065d3c5976c
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92110671904218ABCB30BB749C0AEEE77ADFF11715F010169F745EA192EF718A819A61

                                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 827 892c63-892cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00892C91
                                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00892CB2
                                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,?,?,?,?,?,?,00891CAD,?), ref: 00892CC6
                                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,?,?,?,?,?,?,00891CAD,?), ref: 00892CCF
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                                                                                      • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5d688989f4328e9c6191431fe38cd3234dda0d94da89d1664a35ca2731dd0e44
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 16086661ea0bb5467170e13aa6e4ded9668d2ab2685a79c4ed768fc568a9c398
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d688989f4328e9c6191431fe38cd3234dda0d94da89d1664a35ca2731dd0e44
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2F0FEB55643907AEB711717AC08E7B3EBDD7CAF50F04005EF901A36A0C6B11851FAB1
APIs
• RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00893B0F,SwapMouseButtons,00000004,?), ref: 00893B40
• RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00893B0F,SwapMouseButtons,00000004,?), ref: 00893B61
• RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00893B0F,SwapMouseButtons,00000004,?), ref: 00893B83
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: 74dff3abd12816532a9f2a4981b459ca14873aba5954229fb5d068bd7bef8bf4
• Instruction ID: 86e8bfc48efd9721b9eaffcbc13740dbd8ea730302b4055da9ac2f5be9c5e1d4
• Opcode Fuzzy Hash: 74dff3abd12816532a9f2a4981b459ca14873aba5954229fb5d068bd7bef8bf4
• Instruction Fuzzy Hash: 97112AB5520208FFDF209FA5DC44EAEB7B8FF05754B144459A805D7210D2719E41A7A0
APIs
• GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 008ED3BF
• FreeLibrary.KERNEL32 ref: 008ED3E5
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: AddressFreeLibraryProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 3013587201-2590602151
• Opcode ID: 74849476ac59ca70e728ae875e0f080d4ca115f6beb6b6416f8e90d6ea32c305
• Instruction ID: 91ced510ec9539a3fb5908540f2794317a951b155fa1ba4f4062fcc059781c8c
• Opcode Fuzzy Hash: 74849476ac59ca70e728ae875e0f080d4ca115f6beb6b6416f8e90d6ea32c305
• Instruction Fuzzy Hash: F9F0ABB190EB71DBD33152134C5496E3320FF03706B588115FA02E624AE720CD4E82E2
Strings
• Variable must be of type 'Object'., xrefs: 008E32B7
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID:
• String ID: Variable must be of type 'Object'.
• API String ID: 0-109567571
• Opcode ID: 8c438080ee94c76bedeec3727a4ad72f2757629a478c49d6f77c82e2a65804b5
• Instruction ID: a95f77c1f62306551ee492babf99a290f2d53d34d8ec7673f1d99007a33c9782
• Opcode Fuzzy Hash: 8c438080ee94c76bedeec3727a4ad72f2757629a478c49d6f77c82e2a65804b5
• Instruction Fuzzy Hash: 17C27970A00214DFCF24EF98C884AADBBB1FB19314F288569E956EB391D375ED41CB91
APIs
• __Init_thread_footer.LIBCMT ref: 0089FE66
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 899391580f50e6592649ad091427801b7259e575d7ba5480e4ac51ced1dd4c86
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4395d146b406582efe3cbf7488a492d1b44d2172e27683277163030cc965f26c
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 899391580f50e6592649ad091427801b7259e575d7ba5480e4ac51ced1dd4c86
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7B25B74608341CFDB28EF18C490A2ABBE1FB95314F28486DF999DB352D771E841DB92
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 008D33A2
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                                                                                                                                                                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00893A04
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: Line:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2289894680-1585850449
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ab1c9eee82a608ff585583c52ab65e3ccefd8297a3a7ada488433ac24984fa99
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a3024f1789a461adda91fbd15b40ce8b9cc6e7825fb59294a48ea318d79cf24b
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab1c9eee82a608ff585583c52ab65e3ccefd8297a3a7ada488433ac24984fa99
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 24319E71408304AACB25FB24DC45BEBB7E8FB45714F08452EF59AD2291EBB09A4897C3
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 008B0668
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008B32A4: RaiseException.KERNEL32(?,?,?,008B068A,?,00961444,?,?,?,?,?,?,008B068A,00891129,00958738,00891129), ref: 008B3304
                                                                                                                                                                                                                                                                                                                                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 008B0685
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                                      • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: cae41efc5f43434e1d54b72f41f009ef58a62cf49f23474686318fb490d0a5ba
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 00b10530fef9474ccab8bf72a0560d0463bf983825b11f5031a3c560354be037
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cae41efc5f43434e1d54b72f41f009ef58a62cf49f23474686318fb490d0a5ba
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5FF0C23490030D778F10B6A8D846CDF776CFE51354B604131B914E6AA2EF71EA29CE82
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00891BF4
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00891BFC
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00891C07
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00891C12
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00891C1A
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00891BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00891C22
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00891B4A: RegisterWindowMessageW.USER32(00000004,?,008912C4), ref: 00891BA2
                                                                                                                                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0089136A
                                                                                                                                                                                                                                                                                                                                                                      • OleInitialize.OLE32 ref: 00891388
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000), ref: 008D24AB
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
• String ID:
• API String ID: 1986988660-0
• Opcode ID: 5b41b78a2b775e05ec0ca251360b0a7f890c8316d8e3332f35c1cec92e9db017
• Instruction ID: 0d620dbd461a26656187f62bdc0be0d2c1a0ff9f6a06bcc9b71b5d8dd89a5b71
• Opcode Fuzzy Hash: 5b41b78a2b775e05ec0ca251360b0a7f890c8316d8e3332f35c1cec92e9db017
• Instruction Fuzzy Hash: CD719EB89293018FCB94EF7EA945659BAE5FB8834475C812EE01BC7271EBB04441FF46
APIs
  • Part of subcall function 00893923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00893A04
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 008FC259
• KillTimer.USER32(?,00000001,?,?), ref: 008FC261
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 008FC270
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
• Opcode ID: 6dd7f2f48ef0ec329a65627a81660d453c7b5f1ec17ab1c2e7b152e821a0a0db
• Instruction ID: 21d20694b62bce18437a5170261195a419c7d0bd5718d9bee1e17d384bbe80c2
• Opcode Fuzzy Hash: 6dd7f2f48ef0ec329a65627a81660d453c7b5f1ec17ab1c2e7b152e821a0a0db
• Instruction Fuzzy Hash: FA31507090434CAFEB329B748955BEABBECEB06308F04049AD69AA7241C7745B85DB51
APIs
• CloseHandle.KERNEL32(00000000,00000000,?,?,008C85CC,?,00958CC8,0000000C), ref: 008C8704
• GetLastError.KERNEL32(?,008C85CC,?,00958CC8,0000000C), ref: 008C870E
• __dosmaperr.LIBCMT ref: 008C8739
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: 35c035248079ffd473162e05b4480642cc588d6ffa3bdb1937ac82ec6d47ae49
• Instruction ID: 4455a974d03749d28d6183481873a8d493c017a93db1ac32bb241528dc2e726f
• Opcode Fuzzy Hash: 35c035248079ffd473162e05b4480642cc588d6ffa3bdb1937ac82ec6d47ae49
• Instruction Fuzzy Hash: CE012F32645560A6D62462385C49F7F6775EB92778F35021DF814CB2D2DEB0DCC19151
APIs
• TranslateMessage.USER32(?), ref: 0089DB7B
• DispatchMessageW.USER32(?), ref: 0089DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0089DB9F
• Sleep.KERNEL32(0000000A), ref: 0089DBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 008E1CC9
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
• Opcode ID: f9dd338e5dc12beefce4b45ecac8ec0f5fbe02f4a2cf4a5e75eaa5410fdf064b
• Instruction ID: 6fee235694796d97a6790c2d6d94b5fd0da2f401dd90345bf4cea248f06a700e
• Opcode Fuzzy Hash: f9dd338e5dc12beefce4b45ecac8ec0f5fbe02f4a2cf4a5e75eaa5410fdf064b
• Instruction Fuzzy Hash: 1FF05E706183809BEB30DB608C49FAA73ACFB45310F144A29E60AD30C0DB70A4899B25
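The "API ID" line in each record above is a similarity key derived from that function's "APIs" list: call order and arguments are discarded, the export names are split into words, and the words are ranked by how often they occur. The script below is an added example, not Joe Sandbox's code; it reconstructs the key from the three records visible here (the Shell_NotifyIconW/timer function, the CloseHandle wrapper and the message pump) so the field can be read and recomputed over other disassembly. Everything beyond what those three records show is an assumption: that APIs reached through a subcall count, that the trailing A/W charset suffix is dropped, that Get and Set are discarded as noise words (GetLastError yields only Last and Error, SetTimer only Timer), and that words are grouped by frequency with the most frequent group first, "$" between groups and ASCII order inside a group. The "API String ID" and the opcode/instruction fuzzy hashes are separate hashes that this does not reproduce.

```python
import re
from collections import Counter

# Constructed input: the "APIs" lists copied from three function records in this
# report, keyed by the API ID the report prints for each. Module suffixes
# (USER32, LIBCMT), arguments and "ref:" addresses are not part of the key.
RECORDS = {
    "IconNotifyShell_Timer$Kill": [
        "Shell_NotifyIconW",   # listed under "Part of subcall function 00893923"
        "Shell_NotifyIconW",
        "KillTimer",
        "SetTimer",
    ],
    "CloseErrorHandleLast__dosmaperr": [
        "CloseHandle",
        "GetLastError",
        "__dosmaperr",
    ],
    "Message$Translate$AcceleratorDispatchPeekSleep": [
        "TranslateMessage",
        "DispatchMessageW",
        "PeekMessageW",
        "Sleep",
        "TranslateAcceleratorW",
    ],
}

# Assumption: generic verbs are dropped so they do not dominate the key. Only
# Get and Set are evidenced by the records on this page; other reports may
# drop more, so extend this set if a recomputed key disagrees with the report.
NOISE_WORDS = {"Get", "Set"}

# Trailing A/W charset suffix, only when it follows a lowercase letter so that a
# word such as "Window" (lowercase w) is left alone.
CHARSET_SUFFIX = re.compile(r"(?<=[a-z])[AW]$")

# CamelCase words; a leading run without uppercase (CRT names such as
# __dosmaperr) is kept as a single word.
WORD = re.compile(r"^[^A-Z]+|[A-Z][^A-Z]*")


def tokenize(api_name: str) -> list[str]:
    """Split one export name into the words that feed the key."""
    name = CHARSET_SUFFIX.sub("", api_name)
    return [w for w in WORD.findall(name) if w not in NOISE_WORDS]


def api_id(api_names: list[str]) -> str:
    """Rebuild the report's API ID from a function's list of called APIs.

    Words are counted across all calls (including subcalls), grouped by count
    with the highest count first, sorted by ASCII code point inside a group
    (so "__dosmaperr" sorts after "Last"), and the groups are joined with "$".
    """
    counts = Counter(w for name in api_names for w in tokenize(name))
    by_count: dict[int, list[str]] = {}
    for word, n in counts.items():
        by_count.setdefault(n, []).append(word)
    return "$".join("".join(sorted(by_count[n])) for n in sorted(by_count, reverse=True))


def same_profile(a: list[str], b: list[str]) -> bool:
    """Two functions cluster together when their API profiles produce one key."""
    return api_id(a) == api_id(b)


def recompute_page_records() -> dict[str, str]:
    """Map each API ID printed in the report to the key recomputed here."""
    return {printed: api_id(apis) for printed, apis in RECORDS.items()}


if __name__ == "__main__":
    for printed, computed in recompute_page_records().items():
        status = "ok" if printed == computed else "MISMATCH"
        print(f"{status:8} report={printed}  computed={computed}")
```

The key is order-insensitive: the message pump above would get the same API ID whether PeekMessageW ran before or after TranslateMessage, which is the sense in which the report's Similarity section groups functions across samples. A mismatch when you run this over a different report most likely means another noise word is being dropped there; the three records on this page only pin down Get and Set.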
APIs
• __Init_thread_footer.LIBCMT ref: 008A17F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                      • String ID: CALL
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: dc07b2816773c0ec15aa65883974724dd8558281fda707575f5873454eca86f2
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 39f7d20a374ba6fdc236f09954c1bcec1e20a563a46046332b58b72099b3c0cf
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dc07b2816773c0ec15aa65883974724dd8558281fda707575f5873454eca86f2
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B228C706082419FEB14DF19C484A2ABBF1FF96354F18892DF496CB7A2D771E851CB82
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e479bfcb7e5e9f8f91df4e7aadbb40ecd827436331c5b9d9ad281c96a10e0e89
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e9a1be73fcc97ec560f598db135e85e2261575fd9b6ba518926595a230450477
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e479bfcb7e5e9f8f91df4e7aadbb40ecd827436331c5b9d9ad281c96a10e0e89
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C532BE70A00605DFEF24DF59C885BAEB7A1FF06318F148529F916EB6A1D731AD40CB92
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetOpenFileNameW.COMDLG32(?), ref: 008D2C8C
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00893AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00893A97,?,?,00892E7F,?,?,?,00000000), ref: 00893AC2
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00892DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00892DC4
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: X
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0ed4b96ec2f376f98325954ae7161ed82275fbaccc16508ae0fcd50754671f65
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c91f5a0d5cb40f5cf315136829a709ea0c671cc117148384939478fe7b9c2347
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ed4b96ec2f376f98325954ae7161ed82275fbaccc16508ae0fcd50754671f65
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A421C371A10258AFCF01EF98C845BEE7BF8FF48315F04405AE405E7341EBB45A498BA2
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetComputerNameW.KERNEL32(?,?), ref: 008ED375
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
• API ID: ComputerName
• String ID: X64
• API String ID: 3545744682-893830106
• Opcode ID: cd4cbe1df5a741b5cb2d7a653802dc1b1bcee3c8c11b860b9f47ae1bd81d71e1
• Instruction ID: 8b0b24994fe1931753eab8ec147336deb22a7ff0f4aa91801a17d025b6f3be75
• Opcode Fuzzy Hash: cd4cbe1df5a741b5cb2d7a653802dc1b1bcee3c8c11b860b9f47ae1bd81d71e1
• Instruction Fuzzy Hash: 08D0C9B581525CEACB90CB41DC88DDDB37CFF05309F504551F102E2400D730A5489B10
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00893908
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: 76eeb17d8f5ac7cca37728bc77b0428c05ab2cc0ee0212be830e7654709b401c
• Instruction ID: 21b7b6c13e7dca0bdeaa9d30f2006a82c792022f004b200fea3035caf123ef8f
• Opcode Fuzzy Hash: 76eeb17d8f5ac7cca37728bc77b0428c05ab2cc0ee0212be830e7654709b401c
• Instruction Fuzzy Hash: 9831A5706083019FD720EF64D884B97BBE4FB49708F04092EF59AD7350E7B1AA44DB92
APIs
• timeGetTime.WINMM ref: 008AF661
  • Part of subcall function 0089D730: GetInputState.USER32 ref: 0089D807
• Sleep.KERNEL32(00000000), ref: 008EF2DE
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
• Opcode ID: a675b1a033f6235f664c23328275181cac2081557ea2ccda77eacdbbea1cd846
• Instruction ID: 9443d75bbc372ee0309d6825cca68b0b25adca336c7c5b45d969006b2dfab4b9
• Opcode Fuzzy Hash: a675b1a033f6235f664c23328275181cac2081557ea2ccda77eacdbbea1cd846
• Instruction Fuzzy Hash: D7F0A071244605AFD310FFB9E549B6AB7E8FF46761F000029F959C7361DB70A800CB92
APIs
• __Init_thread_footer.LIBCMT ref: 0089BB4E
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Init_thread_footer
• String ID:
• API String ID: 1385522511-0
• Opcode ID: 6e6c456fc127ef8108003cd39d36fad27f611de1dff3795c8fd1eb1c3a5b9ff0
• Instruction ID: 408bcbd1beadaf2f418491b04f630a42536adf367d292de5e8657dcd87051f45
• Opcode Fuzzy Hash: 6e6c456fc127ef8108003cd39d36fad27f611de1dff3795c8fd1eb1c3a5b9ff0
• Instruction Fuzzy Hash: 2F32DC30A00249EFDF20DF59D984ABAB7B9FF45314F188059E906EB351D7B4AD81CB91
APIs
  • Part of subcall function 00894E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00894EDD,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E9C
  • Part of subcall function 00894E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00894EAE
  • Part of subcall function 00894E90: FreeLibrary.KERNEL32(00000000,?,?,00894EDD,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894EFD
  • Part of subcall function 00894E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,008D3CDE,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E62
  • Part of subcall function 00894E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00894E74
  • Part of subcall function 00894E59: FreeLibrary.KERNEL32(00000000,?,?,008D3CDE,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E87
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8b69a12b74fbf73204574a310d78d0e6325e19c693a9ea0a1735fd059f9da5e9
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e6d1266c9f54773a2ef5d36a5a908c7b38ecdc95044cdbf7dc929844049cdcbc
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b69a12b74fbf73204574a310d78d0e6325e19c693a9ea0a1735fd059f9da5e9
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F11E332610206AACF24BF68DC02FAD77A5FF40754F14842EF542E62D1EE709A069752
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a9b92e1c562d6b3542e86ac429d90e992d1faa678ce17fd50cc4528eba1f4b00
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a5083a7febc39ae3059187483c17c341bf574336568f2d1a24e197245a54617f
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9b92e1c562d6b3542e86ac429d90e992d1faa678ce17fd50cc4528eba1f4b00
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1911067590410AEFCB09DF58E941E9A7BF9FF48314F154069F808EB312DA31DA118BA5
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008C4C7D: RtlAllocateHeap.NTDLL(00000008,00891129,00000000,?,008C2E29,00000001,00000364,?,?,?,008BF2DE,008C3863,00961444,?,008AFDF5,?), ref: 008C4CBE
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 008C506C
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 800f1f7c456e79f56497951ae311af87e7a36e2de5bd512f15f5061af29902c0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A012672204B046BE721CE699881F5AFBF8FB89370F25051DE584C32C0EA30E845C6B4
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 236fea34805a80266800176e8e5155fe3b2efefbbcda6b351d84c8fb41a8b388
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BFF06D32511A14AED6312A6D9C05FDA27A8FF62335F100619F925D23D2DA74E805C6A6
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000008,00891129,00000000,?,008C2E29,00000001,00000364,?,?,?,008BF2DE,008C3863,00961444,?,008AFDF5,?), ref: 008C4CBE
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 25384aaacff44599c3c2433ed6397a438204bdd454abe9cf8238d0f3b3d78cc1
• Instruction ID: f36917f3ed5f5642b8eae424ddf131f7450b4de76af5236e8e680b7d08e47aff
• Opcode Fuzzy Hash: 25384aaacff44599c3c2433ed6397a438204bdd454abe9cf8238d0f3b3d78cc1
• Instruction Fuzzy Hash: E9F0243160622467DB201F269C16F9A37A8FF403B0B046119FC05E62A1CAB0D84042E0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6,?,00891129), ref: 008C3852
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: e15aabee7f0bb796454bc579a3ce4538746a1ccb5e24f49a774eee475aa23e54
• Instruction ID: 592a268a774d07c1c6a910e22b1cf780f33aa0ee79b99d2f2defffefe2a13e65
• Opcode Fuzzy Hash: e15aabee7f0bb796454bc579a3ce4538746a1ccb5e24f49a774eee475aa23e54
• Instruction Fuzzy Hash: FEE0E53110822457E6312A6A9C02FDA3778FB427B0F058038BC15D2692CB70DE0385E1
APIs
• FreeLibrary.KERNEL32(?,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894F6D
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
• Opcode ID: 39bb8375506e9b740dfd34883b87de1cf7188290e5e5cbcc4081d5cd7fa63afc
• Instruction ID: 7542eecfd74a6ae9487c1846a06ffbf89a5899d8ff3738e22445fde5df442b6e
• Opcode Fuzzy Hash: 39bb8375506e9b740dfd34883b87de1cf7188290e5e5cbcc4081d5cd7fa63afc
• Instruction Fuzzy Hash: 4FF015B1109752CFDB34AF64D494C66BBE4FF143293289A6EE1EAC2621CB319845DB10
APIs
• IsWindow.USER32(00000000), ref: 00922A66
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
• Opcode ID: 5d794e7c05b90300d0257439a579b175334b0082031c73221653184d262b88b7
• Instruction ID: aa5fa0a211dea0612f0ae67b717935d25007c3c7b3e8d5ecd2d40c1b5f06e6b2
• Opcode Fuzzy Hash: 5d794e7c05b90300d0257439a579b175334b0082031c73221653184d262b88b7
• Instruction Fuzzy Hash: 16E0DF3235422ABAC710EB30EC809FE734CEB543907100536AC16C2590DB34998182A0
APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 0089314E
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: aeb6b2a8347423c4c856e98b3b5d9350afb559f579edec67031cf192d6714624
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b2ae2000cba55576ddd15721df82509998a945e6a00fab1e727aa7277b30d08f
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aeb6b2a8347423c4c856e98b3b5d9350afb559f579edec67031cf192d6714624
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7F0A7709183049FEB52AB24DC45BDA7BFCB701708F0400E9E149D6391D7B05788DF81
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00892DC4
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9e9a83864cb6431eb5bb39d28425194e25c5b646d4edc222299dca02119108fd
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 22dae07b4a1793604007a3ca8e436f36228cf0272beddce6e0b419be6a5024a0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e9a83864cb6431eb5bb39d28425194e25c5b646d4edc222299dca02119108fd
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F4E0CD726041245BCB20A39CDC05FDA77DDEFC8790F040171FD09D7248ED60ED848551
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00893837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00893908
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0089D730: GetInputState.USER32 ref: 0089D807
                                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00892B6B
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008930F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0089314E
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3667716007-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6f06e02803a0524bb4e4f2f6ff81353edeca4508b7005711d0a38faf5629ddfa
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b98a53f69119ddb04c254cc7230c53cc1c5707674e02e5c28968940bd2ead9e8
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f06e02803a0524bb4e4f2f6ff81353edeca4508b7005711d0a38faf5629ddfa
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CEE0862130434416CE18BB7D985257DA799FBD5351F4C153EF146D3172DE6445454253
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 008FDF40
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: FolderPath_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2987691875-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0f418ffacbabf301a73c62046cb2b988ec9bedc01769dfc980fa15491618451e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a920c655ee2584f57897da425de8bdc80769100d59cc9c2649cdf7cfaf7d049a
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f418ffacbabf301a73c62046cb2b988ec9bedc01769dfc980fa15491618451e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27D05EE2A002282BDF60B6749C0DDFB3AACD740220F0006A0786DD3152F920DE4586B0
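The per-function "APIs" entries above follow one line shape: `• Name.MODULE(args), ref: ADDR`, optionally prefixed with `Part of subcall function ADDR:` when the call is reached through a nested routine, and the record is followed by its "Similarity" block with the report's own "API ID" label. The parser below is an added example, not Joe Sandbox code; the line grammar is inferred from the visible entries only (the comma before `ref:` is missing when a call has no argument list, as in `GetInputState.USER32 ref: 0089D807`), and the sample input is the two records shown above, copied as constructed test data. It turns the text dump into records that can be queried, for instance to list every function that reaches a given API directly or through a subcall.

```python
"""Parse the per-function "APIs" entries of a Joe Sandbox report text dump.

Added example (not Joe Sandbox code). The line format is inferred from the
visible report lines; anything beyond `• Name.MODULE(args), ref: ADDR` with an
optional `Part of subcall function ADDR:` prefix is an assumption.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# One API entry. The `,` before `ref:` is absent when the call has no
# argument list (e.g. `GetInputState.USER32 ref: 0089D807`).
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
# The report's own label for the record, from its "Similarity" block.
API_ID_RE = re.compile(r"^•\s*API ID:\s*(?P<id>\S+)\s*$")


@dataclass
class ApiCall:
    api: str
    module: str
    args: tuple           # raw argument tokens; '?' means unresolved by the analyzer
    ref: int              # address of the call site
    subcall_of: Optional[int] = None  # address of the nested function, if any


@dataclass
class FunctionRecord:
    calls: list = field(default_factory=list)
    api_id: Optional[str] = None

    def direct_apis(self):
        return [c.api for c in self.calls if c.subcall_of is None]

    def nested_apis(self):
        return [c.api for c in self.calls if c.subcall_of is not None]

    def modules(self):
        return sorted({c.module for c in self.calls})


def parse_records(text: str) -> list:
    """Split the dump into function records, one per "APIs" header.

    Everything between one "APIs" header and the next (Memory Dump Source,
    IDA Plugin, Similarity) belongs to the same function; only API entries
    and the "API ID" line are kept, the rest is skipped.
    """
    records = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None:
            continue
        m = API_RE.match(line)
        if m:
            args = tuple(m["args"].split(",")) if m["args"] else ()
            current.calls.append(ApiCall(
                api=m["api"], module=m["module"], args=args,
                ref=int(m["ref"], 16),
                subcall_of=int(m["sub"], 16) if m["sub"] else None))
            continue
        m = API_ID_RE.match(line)
        if m:
            current.api_id = m["id"]
    return records


def records_reaching(records, api_name):
    """Records that reach `api_name` directly or through a listed subcall."""
    return [r for r in records if any(c.api == api_name for c in r.calls)]


# Constructed sample: two records copied from the report text above.
SAMPLE = """\
APIs
  • Part of subcall function 00893837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00893908
  • Part of subcall function 0089D730: GetInputState.USER32 ref: 0089D807
• SetCurrentDirectoryW.KERNEL32(?), ref: 00892B6B
  • Part of subcall function 008930F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0089314E
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
• String ID:
• API String ID: 3667716007-0
APIs
• SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 008FDF40
  • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Similarity
• API ID: FolderPath_wcslen
"""

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.api_id, "direct:", rec.direct_apis(), "nested:", rec.nested_apis())
```

Feeding the whole report text to `parse_records` gives one record per function; `records_reaching(records, "GetInputState")` then answers "which functions reach this API, even indirectly" without reading the dump by hand.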
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,008D0704,?,?,00000000,?,008D0704,00000000,0000000C), ref: 008D03B7
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f6fb27f156d3203d4ebc8efb55de492b22e4c2461b81ff4d83132a1aecf4fe96
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: fa79bcd366218414ed4a0a73c82ecf08c83433f5f4f99570275048d5f769fec2
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f6fb27f156d3203d4ebc8efb55de492b22e4c2461b81ff4d83132a1aecf4fe96
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F8D06C3205410DBBDF129F84DD06EDA3BAAFB48714F014000BE1856021C732E832AB90
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00891CBC
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
• Opcode ID: f29f214c0c3596f4df1ae9b8f0e0985eed36f7c5530a3a0ddc0d4fa557bf138b
• Instruction ID: 92963e06b4f375e39d97179305db82b64f417297f3a27d8cbc09edb8539fa819
• Opcode Fuzzy Hash: f29f214c0c3596f4df1ae9b8f0e0985eed36f7c5530a3a0ddc0d4fa557bf138b
• Instruction Fuzzy Hash: 0CC092362AC304AFF3248B80BC4AF147764A758B00F088005F60AA96E3C3E26820FA90
APIs
  • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0092961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0092965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0092969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009296C9
• SendMessageW.USER32 ref: 009296F2
• GetKeyState.USER32(00000011), ref: 0092978B
• GetKeyState.USER32(00000009), ref: 00929798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 009297AE
• GetKeyState.USER32(00000010), ref: 009297B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009297E9
• SendMessageW.USER32 ref: 00929810
• SendMessageW.USER32(?,00001030,?,00927E95), ref: 00929918
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0092992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00929941
• SetCapture.USER32(?), ref: 0092994A
• ClientToScreen.USER32(?,?), ref: 009299AF
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 009299BC
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009299D6
• ReleaseCapture.USER32 ref: 009299E1
• GetCursorPos.USER32(?), ref: 00929A19
• ScreenToClient.USER32(?,?), ref: 00929A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00929A80
• SendMessageW.USER32 ref: 00929AAE
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00929AEB
• SendMessageW.USER32 ref: 00929B1A
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00929B3B
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 00929B4A
• GetCursorPos.USER32(?), ref: 00929B68
• ScreenToClient.USER32(?,?), ref: 00929B75
• GetParent.USER32(?), ref: 00929B93
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00929BFA
• SendMessageW.USER32 ref: 00929C2B
• ClientToScreen.USER32(?,?), ref: 00929C84
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00929CB4
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00929CDE
• SendMessageW.USER32 ref: 00929D01
• ClientToScreen.USER32(?,?), ref: 00929D4E
• TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00929D82
  • Part of subcall function 008A9944: GetWindowLongW.USER32(?,000000EB), ref: 008A9952
• GetWindowLongW.USER32(?,000000F0), ref: 00929E05
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                                      • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 433778318564e539dd0b2b913c6c8d4395f7a85240f76fc14a06d5c860623896
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4813a71111500988038904f46280012160892ce3022712ce4ccc4c092347e004
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 433778318564e539dd0b2b913c6c8d4395f7a85240f76fc14a06d5c860623896
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E242DD70208211AFDB24CF28EC44EAABBE9FF49314F140A1DF699872A4D731E851DF52
APIs
• SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 009248F3
• SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00924908
• SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00924927
• SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0092494B
• SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0092495C
• SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0092497B
• SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 009249AE
• SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 009249D4
• SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00924A0F
• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00924A56
• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00924A7E
• IsMenu.USER32(?), ref: 00924A97
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00924AF2
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00924B20
• GetWindowLongW.USER32(?,000000F0), ref: 00924B94
• SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00924BE3
• SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00924C82
• wsprintfW.USER32 ref: 00924CAE
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00924CC9
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00924CF1
• SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00924D13
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00924D33
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00924D5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
• String ID: %d/%02d/%02d
• API String ID: 4054740463-328681919
• Opcode ID: a2cdee3bb05a85fd721852199baef5ecc539c07dd1cab6ba43a18c5d4aebae31
• Instruction ID: 00e3a2984b55572b9fe2dc53d9598838d605c742406f20c8362de4444b75b01f
• Opcode Fuzzy Hash: a2cdee3bb05a85fd721852199baef5ecc539c07dd1cab6ba43a18c5d4aebae31
• Instruction Fuzzy Hash: 9212F171600225ABEB248F28EC49FAE7BF8FF85710F104529F516EB2E5DB789941CB50
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 008AF998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 008EF474
• IsIconic.USER32(00000000), ref: 008EF47D
• ShowWindow.USER32(00000000,00000009), ref: 008EF48A
• SetForegroundWindow.USER32(00000000), ref: 008EF494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 008EF4AA
• GetCurrentThreadId.KERNEL32 ref: 008EF4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 008EF4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 008EF4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 008EF4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 008EF4DE
• SetForegroundWindow.USER32(00000000), ref: 008EF4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 008EF4F6
• keybd_event.USER32(00000012,00000000), ref: 008EF501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 008EF50B
• keybd_event.USER32(00000012,00000000), ref: 008EF510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 008EF519
• keybd_event.USER32(00000012,00000000), ref: 008EF51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 008EF528
• keybd_event.USER32(00000012,00000000), ref: 008EF52D
                                                                                                                                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 008EF530
                                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,000000FF,00000000), ref: 008EF557
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4125248594-2988720461
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 939ede3ac10b7bf312df9464f4d0b76f07cc67f2253a0124c9b089faefe00293
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0d55460cdbaedcab1cb441cb2fbc0c6ad2cb1090a77230e2aa4850ff5a608461
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 939ede3ac10b7bf312df9464f4d0b76f07cc67f2253a0124c9b089faefe00293
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D53130B1A54218BAEB316BB65C4AFBF7E6CFB45B50F100065FA01E61D1C6B19901BBA0
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 008F170D
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 008F173A
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F16C3: GetLastError.KERNEL32 ref: 008F174A
                                                                                                                                                                                                                                                                                                                                                                      • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 008F1286
                                                                                                                                                                                                                                                                                                                                                                      • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 008F12A8
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 008F12B9
                                                                                                                                                                                                                                                                                                                                                                      • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 008F12D1
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessWindowStation.USER32 ref: 008F12EA
                                                                                                                                                                                                                                                                                                                                                                      • SetProcessWindowStation.USER32(00000000), ref: 008F12F4
                                                                                                                                                                                                                                                                                                                                                                      • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 008F1310
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008F11FC), ref: 008F10D4
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F10BF: CloseHandle.KERNEL32(?,?,008F11FC), ref: 008F10E9
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                                                                                                      • String ID: $default$winsta0
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 54c21af826d4a9e9c2f32d08e4572aeef7cc82bcd18293790fde417a4ee67a8c
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a6ae81dcb3d6b9ae1f8e9f51531b02ecb589c112b293cdad1d7f72fd99b0343c
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 54c21af826d4a9e9c2f32d08e4572aeef7cc82bcd18293790fde417a4ee67a8c
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 608188B1900209EBDF249FA8CC89BFE7BBAFF44704F144129FA11E62A1D7308955DB65
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 008F1114
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1120
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F112F
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1136
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 008F114D
                                                                                                                                                                                                                                                                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 008F0BCC
                                                                                                                                                                                                                                                                                                                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 008F0C00
                                                                                                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 008F0C17
                                                                                                                                                                                                                                                                                                                                                                      • GetAce.ADVAPI32(?,00000000,?), ref: 008F0C51
                                                                                                                                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 008F0C6D
                                                                                                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 008F0C84
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,00000008), ref: 008F0C8C
                                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 008F0C93
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 008F0CB4
• CopySid.ADVAPI32(00000000), ref: 008F0CBB
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 008F0CEA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 008F0D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 008F0D1E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0D45
• HeapFree.KERNEL32(00000000), ref: 008F0D4C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0D55
• HeapFree.KERNEL32(00000000), ref: 008F0D5C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0D65
• HeapFree.KERNEL32(00000000), ref: 008F0D6C
• GetProcessHeap.KERNEL32(00000000,?), ref: 008F0D78
• HeapFree.KERNEL32(00000000), ref: 008F0D7F
  • Part of subcall function 008F1193: GetProcessHeap.KERNEL32(00000008,008F0BB1,?,00000000,?,008F0BB1,?), ref: 008F11A1
  • Part of subcall function 008F1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,008F0BB1,?), ref: 008F11A8
  • Part of subcall function 008F1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,008F0BB1,?), ref: 008F11B7
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
APIs
• OpenClipboard.USER32(0092CC08), ref: 0090EB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 0090EB37
• GetClipboardData.USER32(0000000D), ref: 0090EB43
• CloseClipboard.USER32 ref: 0090EB4F
• GlobalLock.KERNEL32(00000000), ref: 0090EB87
• CloseClipboard.USER32 ref: 0090EB91
• GlobalUnlock.KERNEL32(00000000), ref: 0090EBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 0090EBC9
• GetClipboardData.USER32(00000001), ref: 0090EBD1
• GlobalLock.KERNEL32(00000000), ref: 0090EBE2
• GlobalUnlock.KERNEL32(00000000), ref: 0090EC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 0090EC38
• GetClipboardData.USER32(0000000F), ref: 0090EC44
• GlobalLock.KERNEL32(00000000), ref: 0090EC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0090EC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0090EC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0090ECD2
• GlobalUnlock.KERNEL32(00000000), ref: 0090ECF3
• CountClipboardFormats.USER32 ref: 0090ED14
• CloseClipboard.USER32 ref: 0090ED59
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 009069BE
• FindClose.KERNEL32(00000000), ref: 00906A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00906A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00906A75
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00906AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00906ADF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f68005460cc8593ca36fa0ff27de0bbd726fc8dd93c986ee4c54b0cbaab05c78
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2783f8369899f9ff4257ff579e11e2332935a968bf793d62b2a3b93f0dd45f70
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f68005460cc8593ca36fa0ff27de0bbd726fc8dd93c986ee4c54b0cbaab05c78
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3BD13DB2508300AEC714EBA8C881EABB7ECFF98704F44491DF595D6191EB74DA44CB63
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,774C8FB0,?,00000000), ref: 00909663
                                                                                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 009096A1
                                                                                                                                                                                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,?), ref: 009096BB
                                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 009096D3
                                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 009096DE
                                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 009096FA
                                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 0090974A
                                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(00956B7C), ref: 00909768
                                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 00909772
                                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 0090977F
                                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 0090978F
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2edc2916c54b7509977beb095adc86823311e9667b36fb9e1a85f310be22fdd2
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d800dfdb194ec595b4273aec75985798057a7268eac5e734f9a91fcad8cf6507
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2edc2916c54b7509977beb095adc86823311e9667b36fb9e1a85f310be22fdd2
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1310272545219AECF20EFB4EC09ADE77ACAF49321F104155F814E31E1DB31DE458B50
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,774C8FB0,?,00000000), ref: 009097BE
                                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 00909819
                                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00909824
                                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 00909840
                                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00909890
                                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(00956B7C), ref: 009098AE
                                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 009098B8
                                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 009098C5
                                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 009098D5
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008FDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 008FDB00
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 37877ce5bf4c25a522678b5bff5c284880b860615f8654589812e0508696652d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 694e555a289080af42f0f75ce0f9eae0a45f05e4d7056f327ab9fca92be8527d
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 37877ce5bf4c25a522678b5bff5c284880b860615f8654589812e0508696652d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C931E3725456196EDB20EFB4EC48ADE37ACEF46324F108555ED10E32E1DB30D9458B60
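The function blocks above are raw per-function API listings from the Joe Sandbox IDA plugin. The script below is an added triage helper, not code from the report, from Joe Sandbox or from the analysed sample: it parses listings in exactly this "• Api.MODULE(args), ref: addr" format (including the indented "Part of subcall function" lines) and flags functions that pair a FindFirstFileW/FindNextFileW walk, with or without SetCurrentDirectoryW recursion, with SetFileAttributesW, DeleteFileW, MoveFileW or a CreateFileW opened for GENERIC_WRITE. The SAMPLE text is constructed from the report's own lines; the finding and verdict strings are the script's own naming, and the only constants it relies on are the documented Win32 values GENERIC_WRITE = 0x40000000 and FILE_FLAG_BACKUP_SEMANTICS = 0x02000000.

```python
"""Triage helper for Joe Sandbox per-function API listings.

Added example: this is not code from the report, from Joe Sandbox or from the
analysed sample. It parses the '• Api.MODULE(args), ref: addr' lines of the
blocks above and flags functions that pair a directory walk with modification
of the entries found. SAMPLE is constructed from the report's own lines.
"""
import re

API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function\s+(?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

ENUM_APIS = {"FindFirstFileW", "FindNextFileW"}
MODIFY_APIS = {"SetFileAttributesW", "DeleteFileW", "MoveFileW"}
GENERIC_WRITE = 0x40000000               # Win32 dwDesiredAccess bit
FILE_FLAG_BACKUP_SEMANTICS = 0x02000000  # Win32 dwFlagsAndAttributes bit


def parse_blocks(text):
    """One list of calls per 'APIs' header; each call keeps its ref and subcall origin."""
    blocks, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            blocks.append(current)
            continue
        m = API_RE.match(line)
        if m and current is not None:
            current.append({
                "api": m.group("api"),
                "args": [a.strip() for a in (m.group("args") or "").split(",")],
                "ref": m.group("ref"),
                "subcall": m.group("sub"),  # None when the call is made directly
            })
    return blocks


def _hex(arg):
    """Hex argument as int; '?' (unresolved) and literals such as '*.*' give None."""
    try:
        return int(arg, 16)
    except ValueError:
        return None


def triage(block):
    """Findings and a verdict for one function block."""
    apis = {c["api"] for c in block}
    findings, modifiers = [], set()
    if apis & ENUM_APIS:
        findings.append("enumerates directory entries")
    if any(c["api"] == "FindFirstFileW" and c["args"][0] == "*.*" for c in block):
        findings.append("lists every entry with '*.*'")
    if "SetCurrentDirectoryW" in apis and apis & ENUM_APIS:
        findings.append("changes directory inside the enumeration (recursive walk)")
    for c in block:
        where = f"via subcall {c['subcall']}" if c["subcall"] else f"at {c['ref']}"
        if c["api"] in MODIFY_APIS:
            modifiers.add(f"{c['api']} {where}")
        elif c["api"] == "CreateFileW" and len(c["args"]) >= 6:
            access, flags = _hex(c["args"][1]), _hex(c["args"][5])
            if access is not None and access & GENERIC_WRITE:
                modifiers.add(f"CreateFileW(GENERIC_WRITE) {where}")
            if flags is not None and flags & FILE_FLAG_BACKUP_SEMANTICS:
                findings.append(f"opens with FILE_FLAG_BACKUP_SEMANTICS {where} "
                                "(needed to open directory handles)")
    findings.extend(f"modifies entries: {m}" for m in sorted(modifiers))
    if apis & ENUM_APIS and modifiers:
        verdict = "walk-and-modify"
    elif apis & ENUM_APIS:
        verdict = "walk-only"
    else:
        verdict = "no file-system walk"
    return {"first_ref": block[0]["ref"] if block else "?",
            "verdict": verdict, "findings": findings}


# Constructed from the report's listing above (three of its function blocks).
SAMPLE = """\
APIs
• FindFirstFileW.KERNEL32(?,?,774C8FB0,?,00000000), ref: 00909663
• GetFileAttributesW.KERNEL32(?), ref: 009096A1
• SetFileAttributesW.KERNEL32(?,?), ref: 009096BB
• FindNextFileW.KERNEL32(00000000,?), ref: 009096D3
• FindFirstFileW.KERNEL32(*.*,?), ref: 009096FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 0090974A
• FindClose.KERNEL32(00000000), ref: 0090977F
Strings
APIs
• FindFirstFileW.KERNEL32(?,?,774C8FB0,?,00000000), ref: 009097BE
• FindFirstFileW.KERNEL32(*.*,?), ref: 00909840
• SetCurrentDirectoryW.KERNEL32(?), ref: 00909890
• FindClose.KERNEL32(00000000), ref: 009098D5
  • Part of subcall function 008FDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 008FDB00
Strings
APIs
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00906A75
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00906AB2
"""

if __name__ == "__main__":
    for result in map(triage, parse_blocks(SAMPLE)):
        print(result["first_ref"], result["verdict"])
        for finding in result["findings"]:
            print("   -", finding)
```

Run stand-alone it reports the two FindFirstFileW blocks as walk-and-modify and the FileTime block as no file-system walk. The CreateFileW arguments in the subcall decode as GENERIC_WRITE access, FILE_SHARE_READ, OPEN_EXISTING (3) and FILE_FLAG_BACKUP_SEMANTICS | FILE_ATTRIBUTE_NORMAL (0x02000080); the backup-semantics flag is what lets CreateFileW return a handle to a directory, which is why the script reports it separately from the write access. The "ref:" addresses carried through into each finding are the same ones shown in the listing, so a hit can be followed straight back into the memory dump named under Memory Dump Source.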
APIs
  • Part of subcall function 00893AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00893A97,?,?,00892E7F,?,?,?,00000000), ref: 00893AC2
  • Part of subcall function 008FE199: GetFileAttributesW.KERNEL32(?,008FCF95), ref: 008FE19A
• FindFirstFileW.KERNEL32(?,?), ref: 008FD122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 008FD1DD
• MoveFileW.KERNEL32(?,?), ref: 008FD1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 008FD20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 008FD237
  • Part of subcall function 008FD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,008FD21C,?,?), ref: 008FD2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 008FD253
• FindClose.KERNEL32(00000000), ref: 008FD264
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
APIs
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
APIs
  • Part of subcall function 008F16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 008F170D
  • Part of subcall function 008F16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 008F173A
  • Part of subcall function 008F16C3: GetLastError.KERNEL32 ref: 008F174A
• ExitWindowsEx.USER32(?,00000000), ref: 008FE932
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00911276
• WSAGetLastError.WSOCK32 ref: 00911283
• bind.WSOCK32(00000000,?,00000010), ref: 009112BA
• WSAGetLastError.WSOCK32 ref: 009112C5
• closesocket.WSOCK32(00000000), ref: 009112F4
• listen.WSOCK32(00000000,00000005), ref: 00911303
• WSAGetLastError.WSOCK32 ref: 0091130D
• closesocket.WSOCK32(00000000), ref: 0091133C
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 540024437-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5526a853660c60f779a0cd1b06fe1e6799113a23503940eedf3bbc18cd82afbd
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1ca1a20a0a8f40f7aad1cd102dba08ff8e064d29319ec89850b4d5fab313381b
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5526a853660c60f779a0cd1b06fe1e6799113a23503940eedf3bbc18cd82afbd
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF41A071600144AFD720DF28C488B69BBE5BF46318F188488E9668F296C771ECC2CBE1
APIs
• _free.LIBCMT ref: 008CB9D4
• _free.LIBCMT ref: 008CB9F8
• _free.LIBCMT ref: 008CBB7F
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00933700), ref: 008CBB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,0096121C,000000FF,00000000,0000003F,00000000,?,?), ref: 008CBC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00961270,000000FF,?,0000003F,00000000,?), ref: 008CBC36
• _free.LIBCMT ref: 008CBD4B
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
• API String ID: 314583886-0
• Opcode ID: c818d0e14a3b365848978bb1bdaca10b4ff346b7eb6187043a8da6d5445da13d
• Instruction ID: 1a3b8c324f589b32906d69aca8e12af8548409279600faaf13ac5564a7d450ba
• Opcode Fuzzy Hash: c818d0e14a3b365848978bb1bdaca10b4ff346b7eb6187043a8da6d5445da13d
• Instruction Fuzzy Hash: 28C11671904A58AFCB249F789C52FAA7BB8FF41360F1841AEE491D7291EB30CE41DB51
APIs
  • Part of subcall function 00893AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00893A97,?,?,00892E7F,?,?,?,00000000), ref: 00893AC2
  • Part of subcall function 008FE199: GetFileAttributesW.KERNEL32(?,008FCF95), ref: 008FE19A
• FindFirstFileW.KERNEL32(?,?), ref: 008FD420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 008FD470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 008FD481
• FindClose.KERNEL32(00000000), ref: 008FD498
• FindClose.KERNEL32(00000000), ref: 008FD4A1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
• Opcode ID: 9a1e23ba25e6635c9c89efb038ae711dfe98280e0a3e9e41ffd0f011c96f158d
• Instruction ID: ff9cb0bf80bb69b22723e37cd65236eb6346b8c90431ea6ef479844afd733f39
• Opcode Fuzzy Hash: 9a1e23ba25e6635c9c89efb038ae711dfe98280e0a3e9e41ffd0f011c96f158d
• Instruction Fuzzy Hash: 8B316D710183459BC714FF68D8918BFB7A8FEA1304F484A2DF5E5D3191EB20EA0997A7
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                                                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: cc197b249716cc5abe6e400222a34c5d60ff381dbac5a0950f7ce0859bb182a3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f0c6d1d3a11715df4b10b0643bc3036199989e2c1f0edbfebfc07b024652ad44
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc197b249716cc5abe6e400222a34c5d60ff381dbac5a0950f7ce0859bb182a3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2C21971E086288FDB25CE289D40BEAB7B6FB48315F1541EED54DE7241E774AE818F40
APIs
• _wcslen.LIBCMT ref: 009064DC
• CoInitialize.OLE32(00000000), ref: 00906639
• CoCreateInstance.OLE32(0092FCF8,00000000,00000001,0092FB68,?), ref: 00906650
• CoUninitialize.OLE32 ref: 009068D4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: 6f9e8ffe15e75f563a0830082a6ee27d33da403c548dc0e6d6252dad2742ac12
• Instruction ID: 28791d021bef899f73c4e7fc557aa62baa9867efa2b81dee04b9cf514bd16428
• Opcode Fuzzy Hash: 6f9e8ffe15e75f563a0830082a6ee27d33da403c548dc0e6d6252dad2742ac12
• Instruction Fuzzy Hash: EED13971508201AFC714EF28C881D6BB7E9FF94704F44496DF595CB291EB71E909CB92
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 009122E8
  • Part of subcall function 0090E4EC: GetWindowRect.USER32(?,?), ref: 0090E504
• GetDesktopWindow.USER32 ref: 00912312
• GetWindowRect.USER32(00000000), ref: 00912319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00912355
• GetCursorPos.USER32(?), ref: 00912381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 009123DF
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
• Opcode ID: 74574ddbeff6d6bdbf6cf66ca01a06cf764c928cbfcc50f1b111749290f95d92
• Instruction ID: 854b4648990de76f77df961e277c3f390c31b18d6a49f885a3097731aa95e7a9
• Opcode Fuzzy Hash: 74574ddbeff6d6bdbf6cf66ca01a06cf764c928cbfcc50f1b111749290f95d92
• Instruction Fuzzy Hash: 0231D072608319AFC720EF14C849F9BBBA9FF84710F000919F995D7191DB34EA5ACB92
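The per-function API lists in these entries (the CoCreateInstance function with its `.lnk` string and the mouse_event function above, and the FindFirstFileW/FindNextFileW function that follows) are the raw material behind the behaviour signatures in the report header. The Python below is an added example, not part of the Joe Sandbox report and not code from the sample: it parses entries in the report's `api.MODULE(args), ref: addr` form, decodes the `mouse_event` dwFlags argument 00008001 against the winuser.h MOUSEEVENTF_* constants, reads the `Sleep` interval, and applies a few tagging rules. The rules and tag names are the editor's own heuristics, an assumption rather than Joe Sandbox's signature logic; the sample lines are copied from the three entries on this page and keyed by the address of their first call because the report does not print the function start address here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One entry of the report's "APIs" list, e.g.
#   "• Part of subcall function 0090E4EC: GetWindowRect.USER32(?,?), ref: 0090E504"
API_LINE = re.compile(
    r"^(?:Part of subcall function ([0-9A-Fa-f]{8}): )?"  # optional callee note
    r"(\w+)\.(\w+)"                                       # api.MODULE
    r"(?:\(([^)]*)\))?"                                   # optional (args)
    r",? ref: ([0-9A-Fa-f]{8})$"                          # call-site address
)

@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]             # raw tokens; "?" means the sandbox did not resolve it
    ref: str                    # address of the call instruction
    subcall_of: Optional[str]   # callee address when the call sits in a subfunction

def parse_api_line(line: str) -> ApiCall:
    m = API_LINE.match(line.strip().lstrip("•").strip())
    if not m:
        raise ValueError(f"unrecognised API line: {line!r}")
    sub, name, module, args, ref = m.groups()
    return ApiCall(name, module, args.split(",") if args else [], ref, sub)

# winuser.h dwFlags bits for mouse_event / SendInput(INPUT_MOUSE)
MOUSEEVENTF = {
    0x0001: "MOUSEEVENTF_MOVE", 0x0002: "MOUSEEVENTF_LEFTDOWN", 0x0004: "MOUSEEVENTF_LEFTUP",
    0x0008: "MOUSEEVENTF_RIGHTDOWN", 0x0010: "MOUSEEVENTF_RIGHTUP", 0x0020: "MOUSEEVENTF_MIDDLEDOWN",
    0x0040: "MOUSEEVENTF_MIDDLEUP", 0x0080: "MOUSEEVENTF_XDOWN", 0x0100: "MOUSEEVENTF_XUP",
    0x0800: "MOUSEEVENTF_WHEEL", 0x1000: "MOUSEEVENTF_HWHEEL", 0x2000: "MOUSEEVENTF_MOVE_NOCOALESCE",
    0x4000: "MOUSEEVENTF_VIRTUALDESK", 0x8000: "MOUSEEVENTF_ABSOLUTE",
}

def decode_mouse_event_flags(flags: int) -> List[str]:
    return [name for bit, name in sorted(MOUSEEVENTF.items()) if flags & bit]

def first_arg(calls: List[ApiCall], api: str) -> Optional[int]:
    # First argument of the first call to `api` whose value the report resolved.
    for c in calls:
        if c.name == api and c.args and c.args[0] != "?":
            return int(c.args[0], 16)
    return None

def tag_function(calls: List[ApiCall], strings=()) -> List[str]:
    """Heuristic behaviour tags; rules and names are this example's own (assumption)."""
    names = {c.name for c in calls}
    tags = []
    if "CoCreateInstance" in names and ".lnk" in strings:
        tags.append("com-object-near-lnk-string")
    flags = first_arg(calls, "mouse_event")
    if flags is not None:
        tags.append("synthetic-mouse-input:" + "|".join(decode_mouse_event_flags(flags)))
    if {"FindFirstFileW", "FindNextFileW"} <= names:
        tag = "directory-enumeration"
        sleep_ms = first_arg(calls, "Sleep")
        if sleep_ms is not None:
            tag += f"(throttled {sleep_ms} ms)"
        tags.append(tag)
    if {"GetInputState", "PeekMessageW"} <= names:
        tags.append("message-pump-polling")
    return tags

# Constructed sample: the three API lists copied from this page, keyed by the
# address of their first call, each paired with the entry's String ID values.
SAMPLE = {
    "009064DC": ([
        "• _wcslen.LIBCMT ref: 009064DC",
        "• CoInitialize.OLE32(00000000), ref: 00906639",
        "• CoCreateInstance.OLE32(0092FCF8,00000000,00000001,0092FB68,?), ref: 00906650",
        "• CoUninitialize.OLE32 ref: 009068D4",
    ], [".lnk"]),
    "009122E8": ([
        "• GetForegroundWindow.USER32(?,?,00000000), ref: 009122E8",
        "  • Part of subcall function 0090E4EC: GetWindowRect.USER32(?,?), ref: 0090E504",
        "• GetDesktopWindow.USER32 ref: 00912312",
        "• GetWindowRect.USER32(00000000), ref: 00912319",
        "• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00912355",
        "• GetCursorPos.USER32(?), ref: 00912381",
        "• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 009123DF",
    ], []),
    "00909B78": ([
        "  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD",
        "• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00909B78",
        "• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00909C8B",
        "  • Part of subcall function 00903874: GetInputState.USER32 ref: 009038CB",
        "  • Part of subcall function 00903874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00903966",
        "• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00909BA8",
        "• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00909C75",
    ], []),
}

def tag_sample():
    return {key: tag_function([parse_api_line(l) for l in lines], strings)
            for key, (lines, strings) in SAMPLE.items()}
```

Calling `tag_sample()` tags the mouse function as `synthetic-mouse-input:MOUSEEVENTF_MOVE|MOUSEEVENTF_ABSOLUTE`: 0x8001 is a cursor move to absolute screen coordinates, which is what a compiled AutoIt MouseMove() boils down to; whether the sample uses it to provoke a live user's desktop or just to reposition the cursor is not decidable from the API list alone. The `.lnk` tag records only that a COM instantiation and the string coincide: the first and fourth CoCreateInstance arguments (0092FCF8 and 0092FB68) are pointers to a CLSID and an IID inside the image, so read the two 16-byte GUIDs at those addresses in the associated dump starting at 0092C000 before calling this shortcut creation. The 10 ms Sleep between FindNextFileW iterations, with GetInputState/PeekMessageW in the helper, is the interpreter keeping its message pump alive during a directory walk rather than an evasion delay.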
APIs
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00909B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00909C8B
  • Part of subcall function 00903874: GetInputState.USER32 ref: 009038CB
  • Part of subcall function 00903874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00903966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00909BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00909C75
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0ec7b3a038fe2f1921fa9837fe4047f69c12eb082cd1d3326f55d9a113e4115f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 916f5d5ec7c1320197047e399e0889a4fca7ff2a5565f83b6c9e82477bcf2f80
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ec7b3a038fe2f1921fa9837fe4047f69c12eb082cd1d3326f55d9a113e4115f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D418071D4421A9FDF14EF68C845AEE7BB8FF15310F244056E849A22D2EB309E44CF61
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,?,?,?,?), ref: 008A9A4E
                                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 008A9B23
                                                                                                                                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,00000000), ref: 008A9B36
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
• Opcode ID: ee6ad27072890388365bd0ccef7cbc6b0cd02bf6f5f4de3406cfe051af14391e
• Instruction ID: 41fc4b36d2ef27e434c40ade22378a3229da0678295fbeb6d0d1ea74c45b1ef2
• Opcode Fuzzy Hash: ee6ad27072890388365bd0ccef7cbc6b0cd02bf6f5f4de3406cfe051af14391e
• Instruction Fuzzy Hash: 95A1297011C4A8BEF728AA3D9C49F7B3A9DFB83358F15410AF582C6DD5CA25AD01D272
APIs
  • Part of subcall function 0091304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0091307A
  • Part of subcall function 0091304E: _wcslen.LIBCMT ref: 0091309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0091185D
• WSAGetLastError.WSOCK32 ref: 00911884
• bind.WSOCK32(00000000,?,00000010), ref: 009118DB
• WSAGetLastError.WSOCK32 ref: 009118E6
• closesocket.WSOCK32(00000000), ref: 00911915
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
• Opcode ID: 10023fd1dd051b11c6ea957fcddb6b1135b0e9d34f986ec5e7d4163450e3e799
• Instruction ID: 9bf350b59bb7a965c4ba897ee1fe0e62dad903fcb7a78eed6575f12f1ac95c2e
• Opcode Fuzzy Hash: 10023fd1dd051b11c6ea957fcddb6b1135b0e9d34f986ec5e7d4163450e3e799
• Instruction Fuzzy Hash: 5551C771B002106FEB10AF28D886F6A77E5EB45718F08C498F9159F3D3D771AD418B92
APIs
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 292994002-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
• API String ID: 0-1546025612
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 008FAAAC
• SetKeyboardState.USER32(00000080), ref: 008FAAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 008FAB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 008FAB88
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 0090CE89
• GetLastError.KERNEL32(?,00000000), ref: 0090CEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 0090CEFE
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 008F82AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: lstrlen
• String ID: ($|
• API String ID: 1659193697-1631851259
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b6b8338938c18764c3d9a8a1e620616d9056195e38dd64f5d96d382cea0cd4fa
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 76209af99be81a668ecae30474fdd241f644ad2611ad0dc1ca76ca4521435a68
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6b8338938c18764c3d9a8a1e620616d9056195e38dd64f5d96d382cea0cd4fa
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C323475A00609DFCB28CF69C481A6AB7F0FF48710B15C56EE59ADB7A1EB70E941CB40
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00905CC1
                                                                                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 00905D17
                                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(?), ref: 00905D5F
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3541575487-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: cc6cea405b417226c8f84eb19d74aa8e68008b09e49edfa2e4912a4a2526ab96
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1479ac108f8c8875b4f480c026f6e20c76cf6c1265ad7dda81c20865495b146b
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc6cea405b417226c8f84eb19d74aa8e68008b09e49edfa2e4912a4a2526ab96
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D851A975604A019FC714DF28C494A9AB7E8FF49324F15855EE99A8B3A2DB30EC04CF92
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 008C271A
                                                                                                                                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008C2724
                                                                                                                                                                                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 008C2731
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f3487d190cbc610263ac26c2926497b9a7a1466595d003cdcb490fb55022c06b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1675e68a701c7d149c5277739cfc8331eae9655b8a349951dec38264b62a30f4
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f3487d190cbc610263ac26c2926497b9a7a1466595d003cdcb490fb55022c06b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7431B4749112289BCB21DF68DC89BDDB7B8FF08310F5045EAE41CA62A1E7709F818F45
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 009051DA
                                                                                                                                                                                                                                                                                                                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00905238
                                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 009052A1
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1682464887-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6ce0b544a80e6a3ffee9664007565e635f4955da63bee5e51165d70d4ce40fc3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 89dfe726027e23c06e5327339022cfe22d66a8dde723fd01d2aa485c6309f36c
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ce0b544a80e6a3ffee9664007565e635f4955da63bee5e51165d70d4ce40fc3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2318075A14508DFDB00EF58D885EAEBBF4FF08314F098099E805AB3A2DB31E856CB51
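The function records on this page each list a short API chain that the report's signatures key on: FindFirstFileW/FindNextFileW/FindClose (directory enumeration), IsDebuggerPresent followed by the unhandled-exception-filter calls, SetErrorMode around GetDiskFreeSpaceExW, and LookupPrivilegeValueW/AdjustTokenPrivileges. The script below is an added example, not part of the Joe Sandbox report, its IDA plugin or the analysed sample. It parses the "APIs" bullets exactly as they are printed in the report, keeps calls the report attributes to a callee ("Part of subcall function ...") apart from the function's own calls, and tags each function with a rule name and a confidence weight. The rule table, the weights and the entry_ref convention (lowest direct call site, since the excerpt omits function start addresses) are my assumptions; the sample text is copied from the listings on this page.

```python
# Added example: tag Joe Sandbox per-function "APIs" listings with behaviour labels.
# Not part of the report or its tooling; the rules below are hypothetical.
import re
from dataclasses import dataclass, field
from typing import Optional

# One bullet: "• FindFirstFileW.KERNEL32(?,?), ref: 00905CC1". The argument list is
# optional ("• IsDebuggerPresent.KERNEL32 ref: 008C271A") and inherited calls carry
# a "Part of subcall function <addr>:" prefix.
API_LINE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<subfn>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_@]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

@dataclass
class ApiCall:
    api: str
    module: str
    args: tuple
    ref: int                          # call-site address from the "ref:" field
    subcall_of: Optional[int] = None  # callee address when the report inherited the call

@dataclass
class FunctionRecord:
    calls: list = field(default_factory=list)

    def direct_apis(self):
        return {c.api for c in self.calls if c.subcall_of is None}

    def inherited_apis(self):
        return {c.api for c in self.calls if c.subcall_of is not None}

    def entry_ref(self):
        # Assumption: the lowest direct call site stands in for the function address,
        # which the report excerpt does not print.
        refs = [c.ref for c in self.calls if c.subcall_of is None]
        return min(refs) if refs else None

# Hypothetical rules (not Joe Sandbox's): a rule fires when every listed API is a
# direct call of the same function. The weight says how much the chain alone proves.
RULES = {
    "directory enumeration": ({"FindFirstFileW", "FindNextFileW", "FindClose"}, "low"),
    # IsDebuggerPresent -> SetUnhandledExceptionFilter(0) -> UnhandledExceptionFilter is
    # also the MSVC CRT's security-failure handler, so on its own it is weak evidence.
    "debugger check": ({"IsDebuggerPresent"}, "low"),
    # SetErrorMode(1) is SEM_FAILCRITICALERRORS: probe drives without a "no disk" dialog.
    "disk size query, critical-error dialogs suppressed":
        ({"SetErrorMode", "GetDiskFreeSpaceExW"}, "medium"),
    "token privilege adjustment": ({"LookupPrivilegeValueW", "AdjustTokenPrivileges"}, "medium"),
}

def parse_records(report_text):
    """Collect the bullets under every "APIs" heading into one FunctionRecord each."""
    records, current = [], None
    for raw in report_text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        m = API_LINE.match(line) if current is not None else None
        if m is None:
            current = None  # first non-API line closes the list
            continue
        args = tuple(a for a in (m["args"] or "").split(",") if a)
        current.calls.append(ApiCall(m["api"], m["module"], args, int(m["ref"], 16),
                                     int(m["subfn"], 16) if m["subfn"] else None))
    return records

def tag_records(records, rules=RULES):
    """One summary dict per function: its call sets plus the (rule, weight) pairs that fire."""
    out = []
    for rec in records:
        direct, ref = rec.direct_apis(), rec.entry_ref()
        hits = [(name, weight) for name, (apis, weight) in rules.items() if apis <= direct]
        out.append({"entry_ref": f"{ref:08X}" if ref is not None else None,
                    "direct": sorted(direct), "inherited": sorted(rec.inherited_apis()),
                    "labels": sorted(hits)})
    return out

# Copied from the function records on this page, trimmed to their "APIs" sections.
SAMPLE_REPORT = """\
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00905CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 00905D17
• FindClose.KERNEL32(?), ref: 00905D5F
Memory Dump Source
APIs
• IsDebuggerPresent.KERNEL32 ref: 008C271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008C2724
• UnhandledExceptionFilter.KERNEL32(?), ref: 008C2731
Memory Dump Source
APIs
• SetErrorMode.KERNEL32(00000001), ref: 009051DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00905238
• SetErrorMode.KERNEL32(00000000), ref: 009052A1
Memory Dump Source
APIs
  • Part of subcall function 008AFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 008B0668
  • Part of subcall function 008AFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 008B0685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 008F170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 008F173A
• GetLastError.KERNEL32 ref: 008F174A
Memory Dump Source
"""

if __name__ == "__main__":
    for entry in tag_records(parse_records(SAMPLE_REPORT)):
        print(entry["entry_ref"], entry["labels"], "inherited:", entry["inherited"])
```

Keeping inherited calls separate matters for the last record: the two __CxxThrowException@8 calls belong to callee 008AFDDB, not to the function that adjusts token privileges, and folding them in would make that function look like it throws. Likewise the "debugger check" rule is kept at low weight because the three-call sequence in the second record is what the Visual C++ runtime emits for a security failure, so it fires on plenty of benign compiled code; the report's own signature line for IsDebuggerPresent should be read with the same reservation.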
APIs
  • Part of subcall function 008AFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 008B0668
  • Part of subcall function 008AFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 008B0685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 008F170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 008F173A
• GetLastError.KERNEL32 ref: 008F174A
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 577356006-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 49650840568b985caab6b3eee380bf7210d9d6709ce4fc5ed373d0f5d9166ee5
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d71f60720a9ab339e58b561f6bc8ab63211ad60fd1450f340e2bd35bdd9949fc
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 49650840568b985caab6b3eee380bf7210d9d6709ce4fc5ed373d0f5d9166ee5
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F411C4B1414308EFEB18AF64DC86D6AB7F9FB04714B20852EE15693641EB70BC418A60
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 008FD608
                                                                                                                                                                                                                                                                                                                                                                      • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 008FD645
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 008FD650
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 33631002-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e301ee7c83d3f297a770936307b68494068e2a4cb1ed08c19edd12d12bef6d34
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 97c19234fe43bcde5784928d021275aa4d716f946ce80141077c5fd7dd849c52
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e301ee7c83d3f297a770936307b68494068e2a4cb1ed08c19edd12d12bef6d34
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4117CB1E05228BBDB208FA4DC45FAFBBBCEB45B60F108111FA04E7290D6704A058BA1
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 008F168C
                                                                                                                                                                                                                                                                                                                                                                      • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 008F16A1
                                                                                                                                                                                                                                                                                                                                                                      • FreeSid.ADVAPI32(?), ref: 008F16B1
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3429775523-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8cb9250641d88e04c9549a7c4ee27f3c9deb9429e16c69c0833af973691f1b9d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8dd8887079d6bda6c4ee8a29279b691c5b56d16649716171b6c6e4fffca2daa3
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8cb9250641d88e04c9549a7c4ee27f3c9deb9429e16c69c0833af973691f1b9d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7DF0F4B199030DFBDF00DFE49C89EAEBBBCFB08644F504565E501E2181E774AA449A54
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID: /
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-2043925204
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00906918
• FindClose.KERNEL32(00000000), ref: 00906961
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00914891,?,?,00000035,?), ref: 009037E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00914891,?,?,00000035,?), ref: 009037F4
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 008FB25D
• keybd_event.USER32(?,7707C0D0,?,00000000), ref: 008FB270
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008F11FC), ref: 008F10D4
• CloseHandle.KERNEL32(?,?,008F11FC), ref: 008F10E9
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
Strings
• Variable is not of type 'Object'., xrefs: 008E0C40
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID:
• String ID: Variable is not of type 'Object'.
• API String ID: 0-1840281001
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,008C6766,?,?,00000008,?,?,008CFEFE,00000000), ref: 008C6998
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 90faa77beb16d537957ff3b2c6d6ec804cce5aae33e6a766efdd37142330007d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3796aedafd440bc82f86346223dd0c0d304e35e8c267220519dcb2b37a84de7c
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 90faa77beb16d537957ff3b2c6d6ec804cce5aae33e6a766efdd37142330007d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A6124F71900229DFDB24CF59C8806AEB7F5FF49710F14819AE849EB256EB349E81CF94
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • BlockInput.USER32(00000001), ref: 0090EABD
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: BlockInput
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 99a28d8ca4835f42951cad1c92e13973b2eb082c06982d4c77f12483677a5896
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 94a5900aacd18900c96d8b49605da666cc9443bccb11b0bed56fcbaf1c4a1e67
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99a28d8ca4835f42951cad1c92e13973b2eb082c06982d4c77f12483677a5896
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32E01A362102049FC710EF59E804E9AB7E9FF98760F048816FC49C72A1DAB0A8418BA1
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,008B03EE), ref: 008B09DA
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9e65ebebed2c086320c7da9a7b34bf468fafceea00670548a216a338834796f2
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 012cbcde61fd796d938ca59ca2388a08b1776bc3aecc37c4f8d2048ced31be03
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e65ebebed2c086320c7da9a7b34bf468fafceea00670548a216a338834796f2
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6d2279e781342056ee57ff26188913dddb2e7bdb7da84e4abbe3da2c5e0eec55
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C519B7160C74A9BDB38453C885E7FE2B89FBD2344F180539D882D7782CA19EE01D35A
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0a0e544ed109c3d42458b32f2cba763cc0f93d78713146b18242217323309a2b
• Instruction ID: 8d560dcac462a700ae4688b08ac2230056c0cef57f0b33cf0e9b9f58c8961718
• Opcode Fuzzy Hash: 0a0e544ed109c3d42458b32f2cba763cc0f93d78713146b18242217323309a2b
• Instruction Fuzzy Hash: AE320F22D2DF014DD7239634D822336A659EFB73D5F15C32BE82AB5AA5EB39C4835900
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c9307d7b7cb8f6403a20fef37084d31ab747b8e44f87f713aaf7c542a1ee4503
• Instruction ID: d32a5fdeeccd8ab0ef37509fc4a300decb05b76483749c6cd5c985d7e2bbad37
• Opcode Fuzzy Hash: c9307d7b7cb8f6403a20fef37084d31ab747b8e44f87f713aaf7c542a1ee4503
• Instruction Fuzzy Hash: 89321732E041998BDF28CF2BC49067D7BA1FB47324F28856AD95ACB691D230DD83DB41
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 802d61c1b72afd8bee347e22d46722b4935572f579a023e255e90d0fb7f63bb8
• Instruction ID: c491e26ebc7e5bd415a6b74a87320e60fdc13adf04f9fcea5d68da108b1f5524
• Opcode Fuzzy Hash: 802d61c1b72afd8bee347e22d46722b4935572f579a023e255e90d0fb7f63bb8
• Instruction Fuzzy Hash: AE22BEB0A04609DFDF14DFA9D881AAEB7F6FF44314F14462AE812E7391EB35A910CB51
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e751cda90ab38ddf5af439257c054b929870fde44fd8b4158600e7b5e3af4b0d
• Instruction ID: d484b55bb4d79ddd7781b6bb5ccbf6ac4248348740b70de72a7becdb179fd87d
• Opcode Fuzzy Hash: e751cda90ab38ddf5af439257c054b929870fde44fd8b4158600e7b5e3af4b0d
• Instruction Fuzzy Hash: A202D7B0A10219EBDF05EF58D881AADB7B1FF44304F548169E456DF391EB31EA20CB91
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4ff3edd6255d7b5bb019be3aa878be334fbd1931c3d21a8457645b9eac66f20a
• Instruction ID: 8f25d54925586857b1c03654cc1119773e7d9d67fabe012132234a80fa2502d1
• Opcode Fuzzy Hash: 4ff3edd6255d7b5bb019be3aa878be334fbd1931c3d21a8457645b9eac66f20a
• Instruction Fuzzy Hash: 5EB10020E7AF454DC32396398831336B65CAFBB6D9F91D31BFC2674D22EB2286835540
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a58a3c8cbae874bd564fbba1771193ebed21fdcc09031891d44a14a1ce89c9bb
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF9156722080E349DF694639857C0BEFFE1EA523A139E079DD4F2CE2C5EE14D554D620
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 63f1cfeffacc0a6747ac0c4b8d917134d2e75d1e2f763da6c61d38343762c689
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 149154722090E34ADF69427A857C0BEFFE1EA923B139A079DD4F2CE2C5FE14D5549620
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f33daec84568925edb1c98a0d3c5cc7b5d11f8eb2e295e313eaaa693ef904380
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7ae6cc7b58c6c28d904a2e26dd8197dd76d168f410db86e762759649db0ffa11
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f33daec84568925edb1c98a0d3c5cc7b5d11f8eb2e295e313eaaa693ef904380
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 07616671208719A6DE749A2C8CA5BFF2398FFC1764F20191EE942DB3D1DA119E42CB16
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f432f3f35a5d0c065ecc4a8fe356dfb5d5bb45531fafa5d93b6b9fe765f58ed5
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 48b617adbdd8b1505ab4ef645723e9ff8f4ee989caa062fe37450df4f647a370
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f432f3f35a5d0c065ecc4a8fe356dfb5d5bb45531fafa5d93b6b9fe765f58ed5
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 76617A7120C70996DE385A2C88A5BFF2398FFC2B84F180959E943DF795DA12ED42C356
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction ID: fcadcee6f49d448664cdaf79c6668415630b8200b5349d4cd2ff63dcaa3b0ec2
• Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction Fuzzy Hash: 138164326080E349DF694239857C4BEFFE1FA923A139A07ADD4F2CF2C5EE149554D620
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fdb53829feddf2bbe588af80457db1bb516890a62e7477a6170255167b296e31
• Instruction ID: eb4c0d34cdde56328c94cd2e4a54748b477d94b11493ccef1fec1bd8aa2a9796
• Opcode Fuzzy Hash: fdb53829feddf2bbe588af80457db1bb516890a62e7477a6170255167b296e31
• Instruction Fuzzy Hash: 1421B7326206158FD728CF79C82767E73E9A754310F25862EE4A7C37D0DE75A904DB80
APIs
• SetTextColor.GDI32(?,00000000), ref: 0092712F
• GetSysColorBrush.USER32(0000000F), ref: 00927160
• GetSysColor.USER32(0000000F), ref: 0092716C
• SetBkColor.GDI32(?,000000FF), ref: 00927186
• SelectObject.GDI32(?,?), ref: 00927195
• InflateRect.USER32(?,000000FF,000000FF), ref: 009271C0
• GetSysColor.USER32(00000010), ref: 009271C8
• CreateSolidBrush.GDI32(00000000), ref: 009271CF
• FrameRect.USER32(?,?,00000000), ref: 009271DE
• DeleteObject.GDI32(00000000), ref: 009271E5
• InflateRect.USER32(?,000000FE,000000FE), ref: 00927230
• FillRect.USER32(?,?,?), ref: 00927262
• GetWindowLongW.USER32(?,000000F0), ref: 00927284
  • Part of subcall function 009273E8: GetSysColor.USER32(00000012), ref: 00927421
  • Part of subcall function 009273E8: SetTextColor.GDI32(?,?), ref: 00927425
  • Part of subcall function 009273E8: GetSysColorBrush.USER32(0000000F), ref: 0092743B
  • Part of subcall function 009273E8: GetSysColor.USER32(0000000F), ref: 00927446
  • Part of subcall function 009273E8: GetSysColor.USER32(00000011), ref: 00927463
  • Part of subcall function 009273E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00927471
  • Part of subcall function 009273E8: SelectObject.GDI32(?,00000000), ref: 00927482
  • Part of subcall function 009273E8: SetBkColor.GDI32(?,00000000), ref: 0092748B
  • Part of subcall function 009273E8: SelectObject.GDI32(?,?), ref: 00927498
  • Part of subcall function 009273E8: InflateRect.USER32(?,000000FF,000000FF), ref: 009274B7
  • Part of subcall function 009273E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009274CE
  • Part of subcall function 009273E8: GetWindowLongW.USER32(00000000,000000F0), ref: 009274DB
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
• String ID:
• API String ID: 4124339563-0
• Opcode ID: 6ebd12f9d5e83041b7b48666078bd4afa1a6c861316cd0082833abc38e5d4f81
• Instruction ID: ce342e66122ec6de006d848220b6ba6b493ef8fb8639ae98a8f7374140b6f674
• Opcode Fuzzy Hash: 6ebd12f9d5e83041b7b48666078bd4afa1a6c861316cd0082833abc38e5d4f81
• Instruction Fuzzy Hash: 5FA190B201C311AFDB109FA0EC48E5EBBA9FF49320F100A19F962A61E1D774E945DB52
APIs
• DestroyWindow.USER32(?,?), ref: 008A8E14
• SendMessageW.USER32(?,00001308,?,00000000), ref: 008E6AC5
• ImageList_Remove.COMCTL32(?,000000FF,?), ref: 008E6AFE
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 008E6F43
  • Part of subcall function 008A8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,008A8BE8,?,00000000,?,?,?,?,008A8BBA,00000000,?), ref: 008A8FC5
• SendMessageW.USER32(?,00001053), ref: 008E6F7F
• SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 008E6F96
• ImageList_Destroy.COMCTL32(00000000,?), ref: 008E6FAC
• ImageList_Destroy.COMCTL32(00000000,?), ref: 008E6FB7
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ae516595d331af60aeaebcbfebaada2b3390f89de47b2572a260aef830f6e055
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 63f3f34c89e337fd1cbf0e886da772ce1c81f66a986b453117a5863f75425861
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ae516595d331af60aeaebcbfebaada2b3390f89de47b2572a260aef830f6e055
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE12AD30208281DFDB25CF15D844BA9B7A1FF66350F184469F485CB661DB32EC62EF91
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000), ref: 0091273E
                                                                                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0091286A
                                                                                                                                                                                                                                                                                                                                                                      • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 009128A9
                                                                                                                                                                                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 009128B9
                                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00912900
                                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 0091290C
                                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00912955
                                                                                                                                                                                                                                                                                                                                                                      • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00912964
                                                                                                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00912974
                                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00912978
                                                                                                                                                                                                                                                                                                                                                                      • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00912988
                                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00912991
                                                                                                                                                                                                                                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 0091299A
                                                                                                                                                                                                                                                                                                                                                                      • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 009129C6
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000030,00000000,00000001), ref: 009129DD
                                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00912A1D
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00912A31
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000404,00000001,00000000), ref: 00912A42
                                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00912A77
                                                                                                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00912A82
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00912A8D
                                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00912A97
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                                                                                      • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1189a7a8d250b225ae9efacca6a4240f086f4bdd61c21f668d99fbdac3350a4f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 995211b429da630368ffd87eed4e7dd97584aa1033c04927ad18faf1c1c89407
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1189a7a8d250b225ae9efacca6a4240f086f4bdd61c21f668d99fbdac3350a4f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92B15CB1A10219AFEB24DF68DC4AFAE7BA9FB48710F044118F915E72A0D770ED40DB94
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 00904AED
                                                                                                                                                                                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?,0092CB68,?,\\.\,0092CC08), ref: 00904BCA
                                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,0092CB68,?,\\.\,0092CC08), ref: 00904D36
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
• Opcode ID: 6041360c060942cea31cddd2b2c4438fd2a524252799363830bd47e73556843b
• Instruction ID: cb69ecf66b9c0085fa0075ec05afd6d6d0dd206ecc923d342fffb0aedb5fe28a
• Opcode Fuzzy Hash: 6041360c060942cea31cddd2b2c4438fd2a524252799363830bd47e73556843b
• Instruction Fuzzy Hash: 8C61F4B0605205EFDB04EF28CA829BC77B4FB85305B684815FA86EB2D1DB35ED45DB42
APIs
• GetSysColor.USER32(00000012), ref: 00927421
• SetTextColor.GDI32(?,?), ref: 00927425
• GetSysColorBrush.USER32(0000000F), ref: 0092743B
• GetSysColor.USER32(0000000F), ref: 00927446
• CreateSolidBrush.GDI32(?), ref: 0092744B
• GetSysColor.USER32(00000011), ref: 00927463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 00927471
• SelectObject.GDI32(?,00000000), ref: 00927482
• SetBkColor.GDI32(?,00000000), ref: 0092748B
• SelectObject.GDI32(?,?), ref: 00927498
• InflateRect.USER32(?,000000FF,000000FF), ref: 009274B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009274CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 009274DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0092752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00927554
• InflateRect.USER32(?,000000FD,000000FD), ref: 00927572
• DrawFocusRect.USER32(?,?), ref: 0092757D
• GetSysColor.USER32(00000011), ref: 0092758E
• SetTextColor.GDI32(?,00000000), ref: 00927596
• DrawTextW.USER32(?,009270F5,000000FF,?,00000000), ref: 009275A8
• SelectObject.GDI32(?,?), ref: 009275BF
• DeleteObject.GDI32(?), ref: 009275CA
• SelectObject.GDI32(?,?), ref: 009275D0
• DeleteObject.GDI32(?), ref: 009275D5
• SetTextColor.GDI32(?,?), ref: 009275DB
• SetBkColor.GDI32(?,?), ref: 009275E5
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
• API String ID: 1996641542-0
• Opcode ID: 9945422d2f79d9f4d58250d6a7b8101e251d05831ebcb2bcbb8e8dde770f44fd
• Instruction ID: 8dbad1497412d644a5aed93bafa22f7300086d5d85bf287b55e2fac20b2a7958
• Opcode Fuzzy Hash: 9945422d2f79d9f4d58250d6a7b8101e251d05831ebcb2bcbb8e8dde770f44fd
• Instruction Fuzzy Hash: 84617FB2908218AFDF119FA4DC49EAEBFB9EF08320F104115F911BB2A1D7749941DF90
APIs
• GetCursorPos.USER32(?), ref: 00921128
• GetDesktopWindow.USER32 ref: 0092113D
• GetWindowRect.USER32(00000000), ref: 00921144
• GetWindowLongW.USER32(?,000000F0), ref: 00921199
• DestroyWindow.USER32(?), ref: 009211B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 009211ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0092120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0092121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 00921232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00921245
• IsWindowVisible.USER32(00000000), ref: 009212A1
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 009212BC
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 009212D0
• GetWindowRect.USER32(00000000,?), ref: 009212E8
• MonitorFromPoint.USER32(?,?,00000002), ref: 0092130E
• GetMonitorInfoW.USER32(00000000,?), ref: 00921328
• CopyRect.USER32(?,?), ref: 0092133F
• SendMessageW.USER32(00000000,00000412,00000000), ref: 009213AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6aa4ded05b2af5672e65557cdbb2f70e33a42f13f34afab3e30456bde92fb793
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: fa51971b49e5184415503678669f0e72b94fcc93963d7e9a6ea18577d16b067f
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6aa4ded05b2af5672e65557cdbb2f70e33a42f13f34afab3e30456bde92fb793
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B6B1BD71608351AFDB10DF68D884B6EBBE9FF98310F00891CF9999B261C731E855CB92
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 009202E5
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0092031F
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00920389
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 009203F1
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00920475
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 009204C5
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00920504
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008AF9F2: _wcslen.LIBCMT ref: 008AF9FD
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 008F2258
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 008F228A
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                      • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 50a25c4f9726d1cafa137001f7101df2aa83703b53cd27087c59e521babe5fb6
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f1d62b31ccccd6f2f2b4885a16cb81594bee861245730126f44712a6bccfb974
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 50a25c4f9726d1cafa137001f7101df2aa83703b53cd27087c59e521babe5fb6
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ECE18E312082118FCB14EF29E55182AB7E6FFC8314B144A5DF8969B7A6DB30ED45CB42
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 008A8968
                                                                                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000007), ref: 008A8970
                                                                                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 008A899B
                                                                                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000008), ref: 008A89A3
                                                                                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000004), ref: 008A89C8
                                                                                                                                                                                                                                                                                                                                                                      • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 008A89E5
                                                                                                                                                                                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 008A89F5
                                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 008A8A28
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 008A8A3C
                                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(00000000,000000FF), ref: 008A8A5A
                                                                                                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 008A8A76
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 008A8A81
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008A912D: GetCursorPos.USER32(?), ref: 008A9141
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008A912D: ScreenToClient.USER32(00000000,?), ref: 008A915E
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008A912D: GetAsyncKeyState.USER32(00000001), ref: 008A9183
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008A912D: GetAsyncKeyState.USER32(00000002), ref: 008A919D
                                                                                                                                                                                                                                                                                                                                                                      • SetTimer.USER32(00000000,00000000,00000028,008A90FC), ref: 008A8AA8
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                                                                                      • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 72b3194badcb3e85c6afc8aa13cf581239ea71ec5ed01fe6e45db1010200d7e5
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f7af783eeb36cfb79f62100b357509e30695598b412e7331242ae1ada6a8f070
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 72b3194badcb3e85c6afc8aa13cf581239ea71ec5ed01fe6e45db1010200d7e5
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8BB17C71A0420AEFDB14DFA8DC45BAE3BB4FB49314F144229FA15E7290DB74E851CB61
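The two function blocks above (the SendMessageW handler with the DESELECT/GETITEMCOUNT/ISSELECTED command strings, and the "AutoIt v3 GUI" window setup with its 40 ms SetTimer and GetAsyncKeyState polling) are easier to judge once the raw message and argument constants are named: 0x1004, 0x102C and 0x1032 are LVM_GETITEMCOUNT, LVM_GETITEMSTATE and LVM_GETSELECTEDCOUNT from CommCtrl.h, and the GetAsyncKeyState arguments 1 and 2 are VK_LBUTTON and VK_RBUTTON. The following is an added triage helper written for this page; it is not part of the Joe Sandbox report or of the sample. It parses the report's "APIs" lines with a regex, annotates each call with the SDK constant name, and summarises what the calls indicate. The TRACE fixture is copied from the report's lines but merges calls from both function blocks for brevity; in practice you would feed it one function's APIs block at a time. Constant values are from the Windows SDK headers; the regex and the finding labels are this example's own choices.

```python
"""Decode Joe Sandbox "APIs" trace lines into named Win32/ListView constants.

Added example for this page, not code from the Joe Sandbox report or the
sample.  Constant values come from the Windows SDK (CommCtrl.h, WinUser.h).
"""
import re
from collections import Counter

# Constructed fixture: lines copied from the report's two function blocks above.
TRACE = """\
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 009204C5
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00920504
  • Part of subcall function 008F223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 008F2258
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 008A8968
• GetSystemMetrics.USER32(00000007), ref: 008A8970
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 008A8A28
• GetStockObject.GDI32(00000011), ref: 008A8A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 008A8A81
  • Part of subcall function 008A912D: GetAsyncKeyState.USER32(00000001), ref: 008A9183
  • Part of subcall function 008A912D: GetAsyncKeyState.USER32(00000002), ref: 008A919D
• SetTimer.USER32(00000000,00000000,00000028,008A90FC), ref: 008A8AA8
"""

# Matches "Api.MODULE(args), ref: ADDR", with the optional subcall prefix.
LINE_RE = re.compile(
    r"(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>.*?)\), ref: (?P<ref>[0-9A-F]{8})"
)

LVM_FIRST = 0x1000
MSG_NAMES = {
    0x0030: "WM_SETFONT",
    LVM_FIRST + 4: "LVM_GETITEMCOUNT",
    LVM_FIRST + 44: "LVM_GETITEMSTATE",
    LVM_FIRST + 50: "LVM_GETSELECTEDCOUNT",
}
LVIS_FLAGS = {0x1: "LVIS_FOCUSED", 0x2: "LVIS_SELECTED", 0x4: "LVIS_CUT", 0x8: "LVIS_DROPHILITED"}
# (api, argument index) -> names for that argument's well-known values
ARG_NAMES = {
    ("SystemParametersInfoW", 0): {0x30: "SPI_GETWORKAREA"},
    ("GetSystemMetrics", 0): {4: "SM_CYCAPTION", 7: "SM_CXDLGFRAME", 8: "SM_CYDLGFRAME"},
    ("GetAsyncKeyState", 0): {1: "VK_LBUTTON", 2: "VK_RBUTTON"},
    ("GetStockObject", 0): {0x11: "DEFAULT_GUI_FONT"},
}


def _hex(s):
    """Parse a hex argument; '?' and string literals (window class) give None."""
    try:
        return int(s, 16)
    except ValueError:
        return None


def parse_trace(text):
    """Return one dict per API line with the decoded argument annotations."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # e.g. "_wcslen.LIBCMT ref: ..." has no argument list
        api, args, notes = m.group("api"), m.group("args").split(","), []
        if api == "SendMessageW" and len(args) > 1:
            msg = _hex(args[1])
            notes.append(MSG_NAMES.get(msg, f"msg=0x{msg:04X}" if msg is not None else "msg=?"))
            # LVM_GETITEMSTATE: lParam is the LVIS_* mask being queried
            if msg == LVM_FIRST + 44 and len(args) > 3 and _hex(args[3]) is not None:
                mask = _hex(args[3])
                notes += [name for bit, name in LVIS_FLAGS.items() if mask & bit]
        elif api == "SetTimer" and len(args) > 2 and _hex(args[2]) is not None:
            notes.append(f"interval={_hex(args[2])}ms")
        elif (api, 0) in ARG_NAMES:
            v = _hex(args[0])
            notes.append(ARG_NAMES[(api, 0)].get(v, f"0x{v:X}" if v is not None else "?"))
        calls.append({"api": api, "module": m.group("mod"), "args": args,
                      "ref": m.group("ref"), "subcall": m.group("sub"), "notes": notes})
    return calls


def classify(calls):
    """Summarise what the decoded calls indicate about the function's purpose."""
    seen = Counter(n for c in calls for n in c["notes"])
    apis = Counter(c["api"] for c in calls)
    findings = []
    if any(n.startswith("LVM_") for n in seen):
        findings.append("listview-control-query")
    if any(c["api"] == "CreateWindowExW" and "AutoIt v3 GUI" in c["args"] for c in calls):
        findings.append("autoit-gui-window")
    keys = {n for n in seen if n.startswith("VK_")}
    if apis["SetTimer"] and keys:
        # Only VK_LBUTTON/VK_RBUTTON polled here: mouse state, not keystroke capture.
        kind = "mouse-buttons-only" if keys <= {"VK_LBUTTON", "VK_RBUTTON"} else "keyboard"
        findings.append(f"timer-polled-input:{kind}")
    return findings


if __name__ == "__main__":
    for call in parse_trace(TRACE):
        print(call["ref"], call["api"], " ".join(call["notes"]))
    print(classify(parse_trace(TRACE)))
```

Run against the fixture, the ListView messages line up with the command strings in the block's String ID (GETITEMCOUNT, ISSELECTED, GETSELECTEDCOUNT), which is what a ControlListView-style command dispatcher in the AutoIt runtime looks like, and the timer-driven polling touches only the mouse buttons. Neither finding is evidence of credential theft by itself; the Credential Flusher verdict in this report rests on other signatures, so treat these blocks as runtime scaffolding when prioritising which functions to reverse.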
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 008F1114
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1120
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F112F
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1136
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 008F114D
                                                                                                                                                                                                                                                                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 008F0DF5
                                                                                                                                                                                                                                                                                                                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 008F0E29
                                                                                                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 008F0E40
                                                                                                                                                                                                                                                                                                                                                                      • GetAce.ADVAPI32(?,00000000,?), ref: 008F0E7A
                                                                                                                                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 008F0E96
                                                                                                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 008F0EAD
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,00000008), ref: 008F0EB5
                                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 008F0EBC
                                                                                                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 008F0EDD
                                                                                                                                                                                                                                                                                                                                                                      • CopySid.ADVAPI32(00000000), ref: 008F0EE4
                                                                                                                                                                                                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 008F0F13
                                                                                                                                                                                                                                                                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 008F0F35
                                                                                                                                                                                                                                                                                                                                                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 008F0F47
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0F6E
                                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 008F0F75
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0F7E
                                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 008F0F85
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F0F8E
                                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 008F0F95
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 008F0FA1
                                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 008F0FA8
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F1193: GetProcessHeap.KERNEL32(00000008,008F0BB1,?,00000000,?,008F0BB1,?), ref: 008F11A1
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,008F0BB1,?), ref: 008F11A8
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,008F0BB1,?), ref: 008F11B7
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e59855f4895eb9618f27940aa8dad63382c2f659357f1b4ccdc22f4d0a268a23
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 346d028c4e716a875ef0bd238261e3827b7df75ccb81dbc3e5ca946c324ccf8a
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e59855f4895eb9618f27940aa8dad63382c2f659357f1b4ccdc22f4d0a268a23
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D37139B290420AAFDF209FA4DC49FBEBBB8FF04310F144115EA59E6192DB719916CF60
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0091C4BD
                                                                                                                                                                                                                                                                                                                                                                      • RegCreateKeyExW.ADVAPI32(?,?,00000000,0092CC08,00000000,?,00000000,?,?), ref: 0091C544
                                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0091C5A4
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0091C5F4
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0091C66F
                                                                                                                                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0091C6B2
                                                                                                                                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0091C7C1
                                                                                                                                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0091C84D
                                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0091C881
                                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0091C88E
                                                                                                                                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0091C960
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                                                                                                      • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 9721498-966354055
APIs
• CharUpperBuffW.USER32(?,?), ref: 009209C6
• _wcslen.LIBCMT ref: 00920A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00920A54
• _wcslen.LIBCMT ref: 00920A8A
• _wcslen.LIBCMT ref: 00920B06
• _wcslen.LIBCMT ref: 00920B81
  • Part of subcall function 008AF9F2: _wcslen.LIBCMT ref: 008AF9FD
  • Part of subcall function 008F2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008F2BFA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
APIs
Strings
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
• API String ID: 1256254125-909552448
APIs
• _wcslen.LIBCMT ref: 0092835A
• _wcslen.LIBCMT ref: 0092836E
• _wcslen.LIBCMT ref: 00928391
• _wcslen.LIBCMT ref: 009283B4
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 009283F2
• LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00925BF2), ref: 0092844E
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00928487
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 009284CA
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00928501
• FreeLibrary.KERNEL32(?), ref: 0092850D
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0092851D
• DestroyIcon.USER32(?,?,?,?,?,00925BF2), ref: 0092852C
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00928549
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00928555
Strings
Similarity
• API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
• String ID: .dll$.exe$.icl
• API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a6b6308bf68d99e959a0c7f80cbc4940a70b10633db3d9146b022fe30b25f5cc
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1a150d607e0e99131ebd882663a1d5f2aa23efc7a76d8f7f58d20cb674d40e3a
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a6b6308bf68d99e959a0c7f80cbc4940a70b10633db3d9146b022fe30b25f5cc
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7261CDB1514225BAEB24DB64EC42FBF77ACFF08B11F104509F815D61E1DB74AA80D7A0
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1645009161
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 115d892506ad21a203b6e45bd622ef00748e460ef671862f92945a5c9b3daa23
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0d75b6f5fcbd025d37724ca87dc5a30abf8feb1e8b6a047119b24522217bfed0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 115d892506ad21a203b6e45bd622ef00748e460ef671862f92945a5c9b3daa23
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97811671610205BBDF20BF68DC42FAE37A9FF55304F084026F904EA296EB70D911C792
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000063), ref: 008F5A2E
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 008F5A40
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 008F5A57
                                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 008F5A6C
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 008F5A72
                                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 008F5A82
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 008F5A88
                                                                                                                                                                                                                                                                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 008F5AA9
                                                                                                                                                                                                                                                                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 008F5AC3
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 008F5ACC
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 008F5B33
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 008F5B6F
                                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 008F5B75
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 008F5B7C
                                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 008F5BD3
                                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 008F5BE0
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000005,00000000,?), ref: 008F5C05
                                                                                                                                                                                                                                                                                                                                                                      • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 008F5C2F
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 400b6b9a59771327a1c361cbb33ce9148dcf448a82912c5d589fce6643a3d877
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 027f927f3aedcbec47dc18534339ade6e1164135eaa46213bafcdb2ba8e01b2e
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 400b6b9a59771327a1c361cbb33ce9148dcf448a82912c5d589fce6643a3d877
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8B717C71900B09AFDB20DFB8CE89AAEBBF5FF48714F104918E642E25A0D775E944DB50
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 008B00C6
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008B00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0096070C,00000FA0,87FAE81A,?,?,?,?,008D23B3,000000FF), ref: 008B011C
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008B00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,008D23B3,000000FF), ref: 008B0127
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008B00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,008D23B3,000000FF), ref: 008B0138
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008B00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 008B014E
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008B00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 008B015C
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008B00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 008B016A
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008B00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 008B0195
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008B00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 008B01A0
• ___scrt_fastfail.LIBCMT ref: 008B00E7
  • Part of subcall function 008B00A3: __onexit.LIBCMT ref: 008B00A9
Strings
• SleepConditionVariableCS, xrefs: 008B0154
• kernel32.dll, xrefs: 008B0133
• api-ms-win-core-synch-l1-2-0.dll, xrefs: 008B0122
• InitializeConditionVariable, xrefs: 008B0148
• WakeAllConditionVariable, xrefs: 008B0162
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
• String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
• API String ID: 66158676-1714406822
• Opcode ID: 11d064739a0c6e0695680c60dc5d59ba7604917685a10e1e62206854ac734a2e
• Instruction ID: a09372293641f23204d03a27e1c9ba25eb601ea3e35ee715373768b483376e57
• Opcode Fuzzy Hash: 11d064739a0c6e0695680c60dc5d59ba7604917685a10e1e62206854ac734a2e
• Instruction Fuzzy Hash: 5B213872A5C7116FE7246BA8AC46BAF33A4FB85B55F000539F901E73D2DBB09C009E91
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
• API String ID: 176396367-1603158881
• Opcode ID: 4396c42767ef1b9ab9ad895d2779f8f66fa55ea78c503fcbf092cb4dfc1e90c5
• Instruction ID: 59a2f8f0fc1a7f0d61cc5cfecd575cdba3a9e972c4962071f472faf3dedca110
• Opcode Fuzzy Hash: 4396c42767ef1b9ab9ad895d2779f8f66fa55ea78c503fcbf092cb4dfc1e90c5
• Instruction Fuzzy Hash: 03E1D732A0061EABCB24DFB8C4516FEBBB4FF54714F548119EA56F7241DB30AE858790
APIs
• CharLowerBuffW.USER32(00000000,00000000,0092CC08), ref: 00904527
• _wcslen.LIBCMT ref: 0090453B
• _wcslen.LIBCMT ref: 00904599
• _wcslen.LIBCMT ref: 009045F4
• _wcslen.LIBCMT ref: 0090463F
• _wcslen.LIBCMT ref: 009046A7
  • Part of subcall function 008AF9F2: _wcslen.LIBCMT ref: 008AF9FD
• GetDriveTypeW.KERNEL32(?,00956BF0,00000061), ref: 00904743
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
• Opcode ID: ce5ff6729f6efbcc60a076c76038ec6007039c9c267e8913c8acd159ebc1937e
• Instruction ID: 6597a32d29ead5a4147cf1bc1a05e3b0a5012d44e4c81428e8e1a9778f04b48c
• Opcode Fuzzy Hash: ce5ff6729f6efbcc60a076c76038ec6007039c9c267e8913c8acd159ebc1937e
• Instruction Fuzzy Hash: 08B1EFB16083029FC710EF28C891A6AB7E9FFA5720F54491DF696C72D1E731D844CB92
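The three string groups listed in the entries above (the condition-variable names resolved from api-ms-win-core-synch-l1-2-0.dll with a kernel32.dll fallback, the CLASS/CLASSNN/INSTANCE/NAME/REGEXPCLASS/TEXT key set, and the all/cdrom/fixed/network/ramdisk/removable/unknown set) are what an analyst uses to separate runtime boilerplate from script-specific logic when reading a listing like this. The first group is the MSVC CRT's __scrt_initialize_thread_safe_statics_platform_specific (named in the API ID above), which is what trips the "dynamically determine API calls" signature here; the second and third are AutoIt's control-descriptor keys and DriveGetDrive type names, consistent with the "compiled AutoIt script" verdict. The script below is an added example by the editor, not part of the Joe Sandbox report or of the sample: it scans a memory-dump blob for ASCII and UTF-16LE strings, measures how completely each known group is present, and reports whatever is left over as candidate script-specific strings. The attribution of each group to CRT or AutoIt is the editor's, the group names are made up, and SAMPLE_DUMP is a constructed stand-in for a dump segment.

```python
"""Triage strings from a memory dump against known runtime string groups.

Added example (editor's code, not from the sandbox report). The group names are
hypothetical labels; the attribution of each group to MSVC CRT or AutoIt is the
editor's assumption. SAMPLE_DUMP is constructed, not a real dump.
"""
import re
from typing import Dict, List, Set

# Known runtime string groups. Full coverage of a group means the matching
# runtime code is present; it says nothing about what the script itself does.
KNOWN_GROUPS: Dict[str, Set[str]] = {
    # MSVC CRT __scrt_initialize_thread_safe_statics_platform_specific
    "msvc_crt_thread_safe_statics": {
        "api-ms-win-core-synch-l1-2-0.dll", "kernel32.dll",
        "InitializeConditionVariable", "SleepConditionVariableCS",
        "WakeAllConditionVariable",
    },
    # AutoIt control descriptor keys ("[CLASS:...; INSTANCE:...]")
    "autoit_control_descriptor_keys": {
        "CLASS", "CLASSNN", "INSTANCE", "NAME", "REGEXPCLASS", "TEXT",
    },
    # AutoIt DriveGetDrive() type names, lowercased (cf. CharLowerBuffW above)
    "autoit_drivegetdrive_types": {
        "all", "cdrom", "fixed", "network", "ramdisk", "removable", "unknown",
    },
}


def extract_strings(blob: bytes, min_len: int = 3) -> Set[str]:
    """Return printable ASCII and UTF-16LE strings of at least min_len chars."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found: Set[str] = set()
    for m in ascii_re.finditer(blob):
        found.add(m.group().decode("ascii"))
    for m in utf16_re.finditer(blob):
        found.add(m.group().decode("utf-16-le"))
    return found


def triage(blob: bytes) -> Dict[str, object]:
    """Score each known group and list strings that belong to none of them."""
    strings = extract_strings(blob)
    groups: Dict[str, Dict[str, object]] = {}
    matched: Set[str] = set()
    for name, members in KNOWN_GROUPS.items():
        present = members & strings
        matched |= present
        groups[name] = {
            "present": sorted(present),
            "coverage": len(present) / len(members),
        }
    confirmed: List[str] = [n for n, g in groups.items() if g["coverage"] == 1.0]
    return {
        "groups": groups,
        "confirmed_runtime_groups": confirmed,
        "unmatched": sorted(strings - matched),  # candidate script-specific strings
    }


def _ascii_z(s: str) -> bytes:
    return s.encode("ascii") + b"\x00"


def _wide_z(s: str) -> bytes:
    return s.encode("utf-16-le") + b"\x00\x00"


# Constructed dump segment: import names as ASCII (as GetProcAddress takes them),
# AutoIt string tables as UTF-16LE (as _wcslen/CharLowerBuffW imply), padding in
# between, plus one made-up string that no group explains.
SAMPLE_DUMP = (
    b"\x90" * 16
    + b"".join(_ascii_z(s) for s in sorted(KNOWN_GROUPS["msvc_crt_thread_safe_statics"]))
    + b"\xcc" * 8
    + b"".join(_wide_z(s) for s in sorted(KNOWN_GROUPS["autoit_control_descriptor_keys"]))
    + b"".join(_wide_z(s) for s in sorted(KNOWN_GROUPS["autoit_drivegetdrive_types"]))
    + _wide_z("CONSTRUCTED_SCRIPT_STRING")
    + b"\x00" * 16
)


if __name__ == "__main__":
    result = triage(SAMPLE_DUMP)
    for name, g in result["groups"].items():
        print(f"{name}: coverage={g['coverage']:.2f}")
    print("confirmed runtime groups:", result["confirmed_runtime_groups"])
    print("unmatched (script-specific candidates):", result["unmatched"])
```

Run it against a real dump by replacing SAMPLE_DUMP with the bytes of the .sdmp file; the "unmatched" list is where script-specific indicators would surface, while a fully covered group is runtime code that will look the same in any AutoIt or MSVC-built binary and should not by itself raise the verdict.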
APIs
• GetMenuItemCount.USER32(00961990), ref: 008D2F8D
• GetMenuItemCount.USER32(00961990), ref: 008D303D
• GetCursorPos.USER32(?), ref: 008D3081
• SetForegroundWindow.USER32(00000000), ref: 008D308A
• TrackPopupMenuEx.USER32(00961990,00000000,?,00000000,00000000,00000000), ref: 008D309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 008D30A9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5322262e484b43d362bb6df72b2115858d2d6e3882e901223646b2e487091840
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8df3f269f2580d52e1027245433edefff3d9c534152fdd734ad26f62ad8a2a93
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5322262e484b43d362bb6df72b2115858d2d6e3882e901223646b2e487091840
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EA710571644209BAEB319B68CC49FAABF64FF55324F240216F514EA2E0C7B1A910DB91
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000,?), ref: 00926DEB
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00926E5F
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00926E81
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00926E94
                                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00926EB5
                                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00890000,00000000), ref: 00926EE4
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00926EFD
                                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00926F16
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00926F1D
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00926F35
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00926F4D
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008A9944: GetWindowLongW.USER32(?,000000EB), ref: 008A9952
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6ffb20eabf36a534808c6fe94aaf20030868ac6b2ba9f8c848477d4b7d1f61ad
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 134e74ff17452cfc44fb843a41eaa22dab59fcd847380df93b88ea61747ae6c4
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ffb20eabf36a534808c6fe94aaf20030868ac6b2ba9f8c848477d4b7d1f61ad
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 977168B4108245AFDB21DF18EC44FAABBF9FB89304F18081DF98997661D770A916DF12
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                                                                                                                                                                                                                                                                                                                      • DragQueryPoint.SHELL32(?,?), ref: 00929147
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00927674: ClientToScreen.USER32(?,?), ref: 0092769A
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00927674: GetWindowRect.USER32(?,?), ref: 00927710
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00927674: PtInRect.USER32(?,?,00928B89), ref: 00927720
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 009291B0
                                                                                                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 009291BB
                                                                                                                                                                                                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 009291DE
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00929225
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 0092923E
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 00929255
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 00929277
                                                                                                                                                                                                                                                                                                                                                                      • DragFinish.SHELL32(?), ref: 0092927E
                                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00929371
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
• API String ID: 221274066-3440237614
• Opcode ID: db9aa252ba815a9401998ef746d5222526415c2f775deda39c95b5546aacb481
• Instruction ID: 612fa7255f85b01a366ebb03e90958835683291048eb2e2d79b4e8292f21e72f
• Opcode Fuzzy Hash: db9aa252ba815a9401998ef746d5222526415c2f775deda39c95b5546aacb481
• Instruction Fuzzy Hash: 31614771108301AFC715EF68DC85DAFBBE8FF89750F04092EF595921A1DB709A49CBA2
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0090C4B0
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0090C4C3
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0090C4D7
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0090C4F0
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0090C533
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0090C549
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0090C554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0090C584
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0090C5DC
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0090C5F0
• InternetCloseHandle.WININET(00000000), ref: 0090C5FB
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
• String ID:
• API String ID: 3800310941-3916222277
• Opcode ID: c757150d21291f4e45d547cdf4f57ef06ca0ba8f0d1e86424bb4ee78aeebd60b
• Instruction ID: 26b17c8f926a336a4190753c0810a4ba097d85d72b5b7157e440c4eed2735d58
• Opcode Fuzzy Hash: c757150d21291f4e45d547cdf4f57ef06ca0ba8f0d1e86424bb4ee78aeebd60b
• Instruction Fuzzy Hash: 93515AF4504609BFDB219F60CD88AAB7BBCFF08754F004619F94596290DB34E945ABA0
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00928592
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009285A2
• GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009285AD
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009285BA
• GlobalLock.KERNEL32(00000000), ref: 009285C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009285D7
• GlobalUnlock.KERNEL32(00000000), ref: 009285E0
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009285E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009285F8
• OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0092FC38,?), ref: 00928611
• GlobalFree.KERNEL32(00000000), ref: 00928621
• GetObjectW.GDI32(?,00000018,?), ref: 00928641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00928671
• DeleteObject.GDI32(?), ref: 00928699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 009286AF
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
• Opcode ID: 48a8f571b638fc57e619e91d6ef9ca7a3f80f3bffc80784e3598220c7a0f8e9f
• Instruction ID: 1721ac766a38eeac7c78c9de9f56c92e3ae315003c3b5913ba33ea99fe75d8bc
• Opcode Fuzzy Hash: 48a8f571b638fc57e619e91d6ef9ca7a3f80f3bffc80784e3598220c7a0f8e9f
• Instruction Fuzzy Hash: D24129B5605214AFDB21DFA5DC48EAF7BBCEF89715F104058F915E7260DB30A902DB60
APIs
• VariantInit.OLEAUT32(00000000), ref: 00901502
• VariantCopy.OLEAUT32(?,?), ref: 0090150B
• VariantClear.OLEAUT32(?), ref: 00901517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 009015FB
• VarR8FromDec.OLEAUT32(?,?), ref: 00901657
• VariantInit.OLEAUT32(?), ref: 00901708
• SysFreeString.OLEAUT32(?), ref: 0090178C
• VariantClear.OLEAUT32(?), ref: 009017D8
• VariantClear.OLEAUT32(?), ref: 009017E7
• VariantInit.OLEAUT32(00000000), ref: 00901823
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                                                                                                                                                                                                                                                                      • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1234038744-3931177956
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c19260cd6609578de6210e9607b40c4bb76ce151a2b824f6cf5a209b77485852
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f90d61c670022697872ba936d62584c7bd5801eb7d19a1cdc0314fe7276b2926
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c19260cd6609578de6210e9607b40c4bb76ce151a2b824f6cf5a209b77485852
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69D1ED71A00205DFEB10AFA9E885B6DB7B9FF45700F14845AF406AF5D1DB34E841EBA2
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0091C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0091B6AE,?,?), ref: 0091C9B5
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091C9F1
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA68
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA9E
                                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0091B6F4
                                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0091B772
                                                                                                                                                                                                                                                                                                                                                                      • RegDeleteValueW.ADVAPI32(?,?), ref: 0091B80A
                                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0091B87E
                                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0091B89C
                                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0091B8F2
                                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0091B904
                                                                                                                                                                                                                                                                                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 0091B922
                                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 0091B983
                                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0091B994
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a0812b47da977a0a4b1bc42017614de316a8ff77f0e9a0c42eed541909365e91
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5e3629db2249386a3221d41a460348e938091e0fff1d3adebb8a8cf1e0472fa6
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0812b47da977a0a4b1bc42017614de316a8ff77f0e9a0c42eed541909365e91
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86C19331208205AFD714DF18C495F6ABBE5FF84318F18845CF4598B2A2CB75ED86CB92
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 009125D8
                                                                                                                                                                                                                                                                                                                                                                      • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 009125E8
                                                                                                                                                                                                                                                                                                                                                                      • CreateCompatibleDC.GDI32(?), ref: 009125F4
                                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00912601
                                                                                                                                                                                                                                                                                                                                                                      • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0091266D
                                                                                                                                                                                                                                                                                                                                                                      • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 009126AC
                                                                                                                                                                                                                                                                                                                                                                      • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 009126D0
                                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 009126D8
                                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 009126E1
                                                                                                                                                                                                                                                                                                                                                                      • DeleteDC.GDI32(?), ref: 009126E8
                                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,?), ref: 009126F3
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
• String ID: (
• API String ID: 2598888154-3887548279
• Opcode ID: f6dc10021833f8d39270254a73227da873f0e70380be157cc4dabb2b1da9a41c
• Instruction ID: fab7493158b5d5f40d5cdf84bfc635e4e68d0897885aae7403c48c4f22ff7cbe
• Opcode Fuzzy Hash: f6dc10021833f8d39270254a73227da873f0e70380be157cc4dabb2b1da9a41c
• Instruction Fuzzy Hash: 696124B5E00219EFCF14DFA8C884AAEBBF5FF48300F20842AE955A7250D730A951DF90
APIs
• ___free_lconv_mon.LIBCMT ref: 008CDAA1
  • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD659
  • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD66B
  • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD67D
  • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD68F
  • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6A1
  • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6B3
  • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6C5
  • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6D7
  • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6E9
  • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD6FB
  • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD70D
  • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD71F
  • Part of subcall function 008CD63C: _free.LIBCMT ref: 008CD731
• _free.LIBCMT ref: 008CDA96
  • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
  • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
• _free.LIBCMT ref: 008CDAB8
• _free.LIBCMT ref: 008CDACD
• _free.LIBCMT ref: 008CDAD8
• _free.LIBCMT ref: 008CDAFA
• _free.LIBCMT ref: 008CDB0D
• _free.LIBCMT ref: 008CDB1B
• _free.LIBCMT ref: 008CDB26
• _free.LIBCMT ref: 008CDB5E
• _free.LIBCMT ref: 008CDB65
• _free.LIBCMT ref: 008CDB82
• _free.LIBCMT ref: 008CDB9A
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: 51666cde5c20e825158e4b85a718ea6d54c49a7dcd7614b53d3ac4692ad43481
• Instruction ID: a5bcbabbe0bf8d22c350414f9e0d3a63147751a398206b7e213e64f3b44b27d2
• Opcode Fuzzy Hash: 51666cde5c20e825158e4b85a718ea6d54c49a7dcd7614b53d3ac4692ad43481
• Instruction Fuzzy Hash: 463116726047059FEB22BA39E845F5ABBF9FF10361F15842DE449D7192DA31EC84CB21
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 008F369C
• _wcslen.LIBCMT ref: 008F36A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 008F3797
• GetClassNameW.USER32(?,?,00000400), ref: 008F380C
• GetDlgCtrlID.USER32(?), ref: 008F385D
• GetWindowRect.USER32(?,?), ref: 008F3882
• GetParent.USER32(?), ref: 008F38A0
• ScreenToClient.USER32(00000000), ref: 008F38A7
• GetClassNameW.USER32(?,?,00000100), ref: 008F3921
• GetWindowTextW.USER32(?,?,00000400), ref: 008F395D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
• Opcode ID: 2e95c1220fbd6d3e33711183c995f07568f55faed9d7aaa39a8c8fa216cb390a
• Instruction ID: 0b17a7deaad95e3e56a53c8ebcdfb61eab94f0538aaced37cbeab6a0e52ef008
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e95c1220fbd6d3e33711183c995f07568f55faed9d7aaa39a8c8fa216cb390a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C291D27120460AAFD718DF34C885BFAF7A8FF44354F008629FA99D2190DB74EA46CB91
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 008F4994
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 008F49DA
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 008F49EB
                                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,00000000), ref: 008F49F7
                                                                                                                                                                                                                                                                                                                                                                      • _wcsstr.LIBVCRUNTIME ref: 008F4A2C
                                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 008F4A64
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 008F4A9D
                                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 008F4AE6
                                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 008F4B20
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 008F4B8B
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                      • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 17142e4e9d0999907251aaff9f969d8502496d7bbb5a8e97b5f069f6b0300c0f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a8bda7ab5d510cf104eabde8e7329c91a6d9d4caa9cc6f6bbf26da947c9a4810
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17142e4e9d0999907251aaff9f969d8502496d7bbb5a8e97b5f069f6b0300c0f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14919E7110820A9FDB04DF68C985BBB77A8FF84314F04546AFE85DA196DB30ED45CBA2
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00928D5A
                                                                                                                                                                                                                                                                                                                                                                      • GetFocus.USER32 ref: 00928D6A
                                                                                                                                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32(00000000), ref: 00928D75
                                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00928E1D
                                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00928ECF
                                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(?), ref: 00928EEC
                                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemID.USER32(?,00000000), ref: 00928EFC
                                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00928F2E
                                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00928F70
                                                                                                                                                                                                                                                                                                                                                                      • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00928FA1
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f8a3307ba661aff00c9254f351d25b24e0f74c1363fef578235f2b85be91f6cc
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ebb79f9b079132b0076ea2b36a2d106c25b56f5119babf87d30600e449eaf93b
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f8a3307ba661aff00c9254f351d25b24e0f74c1363fef578235f2b85be91f6cc
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1381BE71509321AFDB20DF24E984AABBBE9FF88314F04091DF984D7295DB70D905DBA2
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetFileVersionInfoSizeW.VERSION(?,?), ref: 008FDC20
                                                                                                                                                                                                                                                                                                                                                                      • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 008FDC46
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 008FDC50
                                                                                                                                                                                                                                                                                                                                                                      • _wcsstr.LIBVCRUNTIME ref: 008FDCA0
• VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 008FDCBC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1939486746-1459072770
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0091CC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0091CC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0091CD48
  • Part of subcall function 0091CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0091CCAA
  • Part of subcall function 0091CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0091CCBD
  • Part of subcall function 0091CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0091CCCF
  • Part of subcall function 0091CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0091CD05
  • Part of subcall function 0091CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0091CD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0091CCF3
Strings
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00903D40
• _wcslen.LIBCMT ref: 00903D6D
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00903D9D
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00903DBE
• RemoveDirectoryW.KERNEL32(?), ref: 00903DCE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00903E55
• CloseHandle.KERNEL32(00000000), ref: 00903E60
• CloseHandle.KERNEL32(00000000), ref: 00903E6B
Strings
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
APIs
• timeGetTime.WINMM ref: 008FE6B4
  • Part of subcall function 008AE551: timeGetTime.WINMM(?,?,008FE6D4), ref: 008AE555
• Sleep.KERNEL32(0000000A), ref: 008FE6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 008FE705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 008FE727
• SetActiveWindow.USER32 ref: 008FE746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 008FE754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 008FE773
• Sleep.KERNEL32(000000FA), ref: 008FE77E
• IsWindow.USER32 ref: 008FE78A
                                                                                                                                                                                                                                                                                                                                                                      • EndDialog.USER32(00000000), ref: 008FE79B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
• Opcode ID: 135f77061f52dc9c8db790df048fa86dc6684220b0ce587116f2ad038dd8b49e
• Instruction ID: fe919c4abdee0798c3b4fc176df5d214b3a1b87d39d1ead54f69cf11074cb547
• Opcode Fuzzy Hash: 135f77061f52dc9c8db790df048fa86dc6684220b0ce587116f2ad038dd8b49e
• Instruction Fuzzy Hash: 232165B022860DAFEB205F75EC8DE3D3B69F754749B10042AF612C1171DBB59C11AB25
APIs
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 008FEA5D
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 008FEA73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 008FEA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 008FEA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 008FEAA7
Strings
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
• Opcode ID: cfa9a451a30f5f62a4dbccee06ad5d5686b8ff69503288a749b4f8b8f11354af
• Instruction ID: bc8d6cc179887939fc352e1af5cb11c44d0df0b58daadc5f69ca363dbfb0676e
• Opcode Fuzzy Hash: cfa9a451a30f5f62a4dbccee06ad5d5686b8ff69503288a749b4f8b8f11354af
• Instruction Fuzzy Hash: EC118F61A9022979DB20F7A6DC5ADFF6A7CFBE1F44F440429B901E20E0EA700909C6B1
APIs
• GetDlgItem.USER32(?,00000001), ref: 008F5CE2
• GetWindowRect.USER32(00000000,?), ref: 008F5CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 008F5D59
• GetDlgItem.USER32(?,00000002), ref: 008F5D69
• GetWindowRect.USER32(00000000,?), ref: 008F5D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 008F5DCF
• GetDlgItem.USER32(?,000003E9), ref: 008F5DDD
• GetWindowRect.USER32(00000000,?), ref: 008F5DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 008F5E31
• GetDlgItem.USER32(?,000003EA), ref: 008F5E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 008F5E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 008F5E67
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: e62a5cde89405bc482db469322debf5a10c7deada663124a92866e1e6ef54110
• Instruction ID: 33f896137c4551927902fc8b25d21b8465e75216bad49ea46c28bce940149f4d
• Opcode Fuzzy Hash: e62a5cde89405bc482db469322debf5a10c7deada663124a92866e1e6ef54110
• Instruction Fuzzy Hash: 2951FEB1A10609AFDF18DF68DD89AAEBBB9FB48300F148129F615E6690D7709E05CB50
APIs
  • Part of subcall function 008A8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,008A8BE8,?,00000000,?,?,?,?,008A8BBA,00000000,?), ref: 008A8FC5
                                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 008A8C81
                                                                                                                                                                                                                                                                                                                                                                      • KillTimer.USER32(00000000,?,?,?,?,008A8BBA,00000000,?), ref: 008A8D1B
                                                                                                                                                                                                                                                                                                                                                                      • DestroyAcceleratorTable.USER32(00000000), ref: 008E6973
                                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,008A8BBA,00000000,?), ref: 008E69A1
                                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,008A8BBA,00000000,?), ref: 008E69B8
                                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,008A8BBA,00000000), ref: 008E69D4
                                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 008E69E6
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: fd3fae47b4e33df176ca04a2a60d1db0f26da12034d6ce59e798a7bf1ed8e893
• Instruction ID: 1025f6fa6bf773cd0392724bbd0447d793e8ef8d3ea4b4846ce15a0b0caaa7a9
• Opcode Fuzzy Hash: fd3fae47b4e33df176ca04a2a60d1db0f26da12034d6ce59e798a7bf1ed8e893
• Instruction Fuzzy Hash: 4361DB30416640DFEB359F19D948B29BBF1FB52326F18452CE042DB960CB71ACA1EFA0
APIs
  • Part of subcall function 008A9944: GetWindowLongW.USER32(?,000000EB), ref: 008A9952
• GetSysColor.USER32(0000000F), ref: 008A9862
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: 3261611dc767e740a882813f35cdd127847cd6b4e873f0ed8149838aa635c0ea
• Instruction ID: b0525c8b400e36eeaff09570d5801ea9af767bb18b3dc8a5f189e5089fa8bc4b
• Opcode Fuzzy Hash: 3261611dc767e740a882813f35cdd127847cd6b4e873f0ed8149838aa635c0ea
• Instruction Fuzzy Hash: C8418E7110C644AAEB305F389C85BB93B65FB07320F144655FAE2C71E2C6799C42EB11
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,008DF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 008F9717
• LoadStringW.USER32(00000000,?,008DF7F8,00000001), ref: 008F9720
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,008DF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 008F9742
• LoadStringW.USER32(00000000,?,008DF7F8,00000001), ref: 008F9745
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 008F9866
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 747408836-2268648507
• Opcode ID: 858b57cbca155b200a9f5cf98ccf212b32f62eaa1bb02762fa183bd8f3a9c338
• Instruction ID: 458ee819098eab01443b13b9d5dfb6fcb97f8abb783822d13e276e0d95063b65
• Opcode Fuzzy Hash: 858b57cbca155b200a9f5cf98ccf212b32f62eaa1bb02762fa183bd8f3a9c338
• Instruction Fuzzy Hash: B9413A72804209AACF04FBE8DD46EEE7778FF55344F540029F605B2192EB256F48DB62
APIs
• VariantInit.OLEAUT32(?), ref: 00913C5C
• CoInitialize.OLE32(00000000), ref: 00913C8A
• CoUninitialize.OLE32 ref: 00913C94
• _wcslen.LIBCMT ref: 00913D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 00913DB1
                                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001,00000029), ref: 00913ED5
                                                                                                                                                                                                                                                                                                                                                                      • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00913F0E
                                                                                                                                                                                                                                                                                                                                                                      • CoGetObject.OLE32(?,00000000,0092FB98,?), ref: 00913F2D
                                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 00913F40
                                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00913FC4
                                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00913FD8
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b700c01d7a3421195cfb03cd59f32837087286866abea872a1ee5c684d301413
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9ca5add3afe135ba0377b621021bd2d0c848c6adb2a335b38f1c734e27f3e761
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b700c01d7a3421195cfb03cd59f32837087286866abea872a1ee5c684d301413
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CBC132716083099FD710DF28C88496ABBF9FF89744F04891DF98A9B251D730EE46CB92
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00907AF3
                                                                                                                                                                                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00907B8F
                                                                                                                                                                                                                                                                                                                                                                      • SHGetDesktopFolder.SHELL32(?), ref: 00907BA3
                                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(0092FD08,00000000,00000001,00956E6C,?), ref: 00907BEF
                                                                                                                                                                                                                                                                                                                                                                      • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00907C74
                                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(?,?), ref: 00907CCC
                                                                                                                                                                                                                                                                                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 00907D57
                                                                                                                                                                                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00907D7A
                                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00907D81
                                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00907DD6
                                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 00907DDC
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 62374c008d01ef3f33a19cb4f88357e9018d4389cb5f19cafe0b46b15a43f89a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 43005c5a5adc49e86153d69b9b7d094714d01348d74c6d89661f19a679750bdb
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 62374c008d01ef3f33a19cb4f88357e9018d4389cb5f19cafe0b46b15a43f89a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 25C1F875A04119AFDB14DFA8C884DAEBBB9FF48314B148499E819DB3A1D730EE45CB90
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00925504
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00925515
                                                                                                                                                                                                                                                                                                                                                                      • CharNextW.USER32(00000158), ref: 00925544
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00925585
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0092559B
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 009255AC
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
• Opcode ID: faa4391109080b7558ed2ef5dca9144bfd11328bdeeb47c8d8e4d15de0f2c342
• Instruction ID: 8912759dd538191e415b500e1338f5f0942b73f6c4e2301283d948741f403d02
• Opcode Fuzzy Hash: faa4391109080b7558ed2ef5dca9144bfd11328bdeeb47c8d8e4d15de0f2c342
• Instruction Fuzzy Hash: 2E61DF74904629EFDF209F94EC84EFE7BB9EF09320F118005F925A72A4C7748A81DB60
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 008EFAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 008EFB08
• VariantInit.OLEAUT32(?), ref: 008EFB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 008EFB3A
• VariantCopy.OLEAUT32(?,?), ref: 008EFB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 008EFBA1
• VariantClear.OLEAUT32(?), ref: 008EFBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 008EFBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 008EFBCC
• VariantClear.OLEAUT32(?), ref: 008EFBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 008EFBE9
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: bdd00370c82f0139871c43b7fa7c4053d07beff8500fd2eb70fb327bb88ce269
• Instruction ID: b452d33075a5a4fbf61f7b713ae16623375bc25ccc1120cc27663b9ef0d6de99
• Opcode Fuzzy Hash: bdd00370c82f0139871c43b7fa7c4053d07beff8500fd2eb70fb327bb88ce269
• Instruction Fuzzy Hash: 9E417275A14219AFCF10EF69CC549AEBBB9FF48354F008065E905E7261CB30A946CF91
APIs
• GetKeyboardState.USER32(?), ref: 008F9CA1
• GetAsyncKeyState.USER32(000000A0), ref: 008F9D22
• GetKeyState.USER32(000000A0), ref: 008F9D3D
• GetAsyncKeyState.USER32(000000A1), ref: 008F9D57
• GetKeyState.USER32(000000A1), ref: 008F9D6C
• GetAsyncKeyState.USER32(00000011), ref: 008F9D84
• GetKeyState.USER32(00000011), ref: 008F9D96
• GetAsyncKeyState.USER32(00000012), ref: 008F9DAE
• GetKeyState.USER32(00000012), ref: 008F9DC0
• GetAsyncKeyState.USER32(0000005B), ref: 008F9DD8
• GetKeyState.USER32(0000005B), ref: 008F9DEA
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: 4b054d7d19ed49f9d4ddc52fe5ae3eeba3664fe3a66c46d198bbb9c1aa914c3a
• Instruction ID: b1e31a8254a4f3b41dbfc224c4d168a37a53453aa3636a5e70a652ae0490932e
• Opcode Fuzzy Hash: 4b054d7d19ed49f9d4ddc52fe5ae3eeba3664fe3a66c46d198bbb9c1aa914c3a
• Instruction Fuzzy Hash: F2419674508BCE6DFF31967488047B5BEA0FF12344F14805ADBC6D66C2DBA599C8C7A2
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 009105BC
• inet_addr.WSOCK32(?), ref: 0091061C
• gethostbyname.WSOCK32(?), ref: 00910628
• IcmpCreateFile.IPHLPAPI ref: 00910636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 009106C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 009106E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 009107B9
• WSACleanup.WSOCK32 ref: 009107BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                                      • String ID: Ping
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b4c04d6fde4708c77c2a7f5963e79fd8f967fd53ead410c4353246f473b6210e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 345ba1aceec5a4ce611e5b621697dcb8c2c9dfa9aac40d1bc9bc4c481d199239
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b4c04d6fde4708c77c2a7f5963e79fd8f967fd53ead410c4353246f473b6210e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F918E756082019FD720DF19C889B5ABBE4FF84358F1485A9F4698B6A2C771EDC1CF81
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                                                                                      • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 91c19d3c59f3ba85f6f8c9f1ed9d6693aa5efb25998cd23bf37d69d48f0c2d63
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 91599653dd77f16e83e7b23b3854aa2463c8aa8f8bcceb05fb9b9c001d87ca71
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 91c19d3c59f3ba85f6f8c9f1ed9d6693aa5efb25998cd23bf37d69d48f0c2d63
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF519F31A0011A9ACF24EF6CC8409FFB7A9FF64324B244629E826E72C0DB30DD80D791
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32 ref: 00913774
                                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 0091377F
                                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000017,0092FB78,?), ref: 009137D9
                                                                                                                                                                                                                                                                                                                                                                      • IIDFromString.OLE32(?,?), ref: 0091384C
                                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 009138E4
                                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00913936
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                                      • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f9decf4c7ab356a1f3606d420b258f36ff6ac59aeb5ca31c043cb1147fa22d4f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e4a4a84fc020c050fcb10c26e7a06c03e1f1a7bf9a8f811fe1184d6485d974b2
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f9decf4c7ab356a1f3606d420b258f36ff6ac59aeb5ca31c043cb1147fa22d4f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B961A170708305AFD710DF64C844BAABBF8EF89714F108859F98597291D770EE88CB92
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetLocalTime.KERNEL32(?), ref: 00908257
                                                                                                                                                                                                                                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 00908267
                                                                                                                                                                                                                                                                                                                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00908273
                                                                                                                                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00908310
                                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00908324
                                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00908356
                                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0090838C
                                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00908395
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: bc6b4f4bd3af58b7ea244a4917b571c72db00fda5b2227851e796425755a58be
• Instruction ID: 1e214574887cd71730b12df77809c153f53b7a27b8056a6057b8c48a23559cbf
• Opcode Fuzzy Hash: bc6b4f4bd3af58b7ea244a4917b571c72db00fda5b2227851e796425755a58be
• Instruction Fuzzy Hash: ED614AB26087059FCB10EF68D8409AFB3E8FF89314F044929F999D7251EB35E945CB92
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 009033CF
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 009033F0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
• Opcode ID: 4bfd5760f6f2dd5ca4b42fb63ee321004572f9ad86380c175dae583cc2038986
• Instruction ID: 54889578e06040b6f6887671e7ce8d2f4d4a07e67785adb41c85dbd093ad9928
• Opcode Fuzzy Hash: 4bfd5760f6f2dd5ca4b42fb63ee321004572f9ad86380c175dae583cc2038986
• Instruction Fuzzy Hash: 9651A071900209AADF15FBA8DD42EEEB778FF04344F184169F505B21A2EB712F58DB62
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: APPEND$EXISTS$KEYS$REMOVE
• API String ID: 1256254125-769500911
• Opcode ID: 1bd92da370f89fee3559ed51a2b56f8bece23703fb3d72b112fa844b1e1cfbd8
• Instruction ID: 24f77bf97222ce75ad9c0643cdf2162781983005022172682c0fa499bec65fab
• Opcode Fuzzy Hash: 1bd92da370f89fee3559ed51a2b56f8bece23703fb3d72b112fa844b1e1cfbd8
• Instruction Fuzzy Hash: CA41B632A0012A9BCB20AF7DCC915BE7BA5FF74758B254129E661DB284F739CD81C790
APIs
• SetErrorMode.KERNEL32(00000001), ref: 009053A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00905416
• GetLastError.KERNEL32 ref: 00905420
• SetErrorMode.KERNEL32(00000000,READY), ref: 009054A7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: da4c3bfed5a711c23c5e76e99d1afc5ee294804adc39cd6f49604244e0f9ee0a
• Instruction ID: 6be1a06c143a1327fdc8bfd9b97c4f790a028ee560713a614ad3d098687267b9
• Opcode Fuzzy Hash: da4c3bfed5a711c23c5e76e99d1afc5ee294804adc39cd6f49604244e0f9ee0a
• Instruction Fuzzy Hash: E3319D75A006059FCB10DF69C885AEABBB8FF04305F598469E805CB2E2DB70DD86CF91
APIs
• CreateMenu.USER32 ref: 00923C79
• SetMenu.USER32(?,00000000), ref: 00923C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00923D10
• IsMenu.USER32(?), ref: 00923D24
• CreatePopupMenu.USER32 ref: 00923D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00923D5B
• DrawMenuBar.USER32 ref: 00923D63
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                                      • String ID: 0$F
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1ec1e780b395112e04b46e0ef9b523cac8e31a661f2978ddfbc77917528fe314
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 297245c810a2550667de25f0b16fb920cdb2725605654a7f8065c9a248c91587
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ec1e780b395112e04b46e0ef9b523cac8e31a661f2978ddfbc77917528fe314
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D04189B4A15219AFDB24CF64E844EAA7BB9FF49310F144028F946A73A0D774EA10DF90
APIs
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
  • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 008F1F64
• GetDlgCtrlID.USER32 ref: 008F1F6F
• GetParent.USER32 ref: 008F1F8B
• SendMessageW.USER32(00000000,?,00000111,?), ref: 008F1F8E
• GetDlgCtrlID.USER32(?), ref: 008F1F97
• GetParent.USER32(?), ref: 008F1FAB
• SendMessageW.USER32(00000000,?,00000111,?), ref: 008F1FAE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: 0dcd71f96a398b196dfd792797e8f57e7145e3d57edfc293e99edd2945dda3c7
• Instruction ID: bcdbbad428739d3f99d46839d219dc7d38256b49c94c77b8be091eecdcd906c9
• Opcode Fuzzy Hash: 0dcd71f96a398b196dfd792797e8f57e7145e3d57edfc293e99edd2945dda3c7
• Instruction Fuzzy Hash: C421C270A00218BBCF14EFA5DC99DFEBBB8FF05314B000119FA61A72A1CB345909DB60
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00923A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00923AA0
• GetWindowLongW.USER32(?,000000F0), ref: 00923AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00923AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00923B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00923BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00923BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00923BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00923BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00923C13
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: 112030f2a30385aef083143fe30366fb2e6a1b71ddf1793f9ba1b29f2ee791d9
• Instruction ID: dd7d7ed9a464abb01b5636b75773747ee8c045ab8bb8e3202673613bce8d409a
• Opcode Fuzzy Hash: 112030f2a30385aef083143fe30366fb2e6a1b71ddf1793f9ba1b29f2ee791d9
• Instruction Fuzzy Hash: 38617875A00218AFDB10DFA8DC81EEE77B8EB49700F14419AFA55E72A1C774AE41DB50
APIs
• GetCurrentThreadId.KERNEL32 ref: 008FB151
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB165
• GetWindowThreadProcessId.USER32(00000000), ref: 008FB16C
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB17B
• GetWindowThreadProcessId.USER32(?,00000000), ref: 008FB18D
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB1A6
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB1B8
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB1FD
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB212
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB21D
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
• Opcode ID: 123f4c609440fc59c4bb001e71135dd8b0430e132d51f38dff0bf5448d9d6c24
• Instruction ID: 402d0524fd1022cd08b92184510009b5ed05eb83b42b7c2f801a7a72ddd059fd
• Opcode Fuzzy Hash: 123f4c609440fc59c4bb001e71135dd8b0430e132d51f38dff0bf5448d9d6c24
• Instruction Fuzzy Hash: AF31ADB1528208BFEB209F74DC48BBD7BA9FB61391F108009FB01D6190D7B49E459FA4
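The API listing of the function above is the Win32 idiom for sharing input state with the foreground window's thread: GetForegroundWindow, GetWindowThreadProcessId to get that window's thread, AttachThreadInput with fAttach set (third argument 00000001), and later AttachThreadInput with fAttach cleared (00000000) to detach. It is what a process uses to take or force keyboard focus on a window it does not own. The following Python is an added example, not part of the Joe Sandbox report: it parses the report's "APIs" lines into structured calls and flags this attach/detach chain, reporting the call-site addresses and any AttachThreadInput whose flag the plugin left unresolved (`?`). The sample trace is copied from the listing above; the parser regex and the `find_input_attach_chain` heuristic are this example's own assumptions about the listing format, not a Joe Sandbox API.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the "APIs" lines of the function above, copied
# verbatim from the report listing (bullet, name.module(args), ref: address).
SAMPLE_TRACE = """\
• GetCurrentThreadId.KERNEL32 ref: 008FB151
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB165
• GetWindowThreadProcessId.USER32(00000000), ref: 008FB16C
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB17B
• GetWindowThreadProcessId.USER32(?,00000000), ref: 008FB18D
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB1A6
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB1B8
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB1FD
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB212
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,008FA1E1,?,00000001), ref: 008FB21D
"""


@dataclass
class ApiCall:
    name: str        # e.g. "AttachThreadInput"
    module: str      # e.g. "USER32"
    args: List[str]  # stack values as printed; "?" means unresolved
    ref: int         # call-site address


# Assumed line shape (this example's own regex, derived from the listing above):
#   "• Name.MODULE(arg,arg,...), ref: ADDR"  or  "• Name.MODULE ref: ADDR"
# "Part of subcall function XXXX:" prefixes are tolerated and skipped.
LINE_RE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_trace(text: str) -> List[ApiCall]:
    """Turn the report's API lines into ApiCall records; unparseable lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("name"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def attach_flag(call: ApiCall) -> Optional[bool]:
    """fAttach is AttachThreadInput's third argument; None if not that API or unresolved."""
    if call.name != "AttachThreadInput" or len(call.args) < 3 or call.args[2] == "?":
        return None
    return int(call.args[2], 16) != 0


def find_input_attach_chain(calls: List[ApiCall]) -> Optional[dict]:
    """Heuristic: GetForegroundWindow -> GetWindowThreadProcessId ->
    AttachThreadInput(TRUE) ... AttachThreadInput(FALSE). Returns None if absent."""
    names = [c.name for c in calls]
    if "GetForegroundWindow" not in names:
        return None
    fg = names.index("GetForegroundWindow")
    tid = next((i for i in range(fg, len(calls)) if names[i] == "GetWindowThreadProcessId"), None)
    if tid is None:
        return None
    attaches = [i for i in range(tid, len(calls)) if attach_flag(calls[i]) is True]
    detaches = [i for i in range(tid, len(calls)) if attach_flag(calls[i]) is False]
    unresolved = [i for i in range(tid, len(calls))
                  if calls[i].name == "AttachThreadInput" and attach_flag(calls[i]) is None]
    # Require at least one attach followed later by a detach.
    if not attaches or not detaches or min(attaches) > max(detaches):
        return None
    return {
        "foreground_ref": calls[fg].ref,
        "attach_refs": [calls[i].ref for i in attaches],
        "detach_refs": [calls[i].ref for i in detaches],
        "unresolved_refs": [calls[i].ref for i in unresolved],
    }


if __name__ == "__main__":
    chain = find_input_attach_chain(parse_trace(SAMPLE_TRACE))
    if chain:
        print("foreground input-attach chain at 0x%08X" % chain["foreground_ref"])
        for key in ("attach_refs", "detach_refs", "unresolved_refs"):
            print("  %-15s %s" % (key, ", ".join("0x%08X" % r for r in chain[key])))
```

The heuristic only orders calls by their position in the listing, which the plugin emits by call-site address, so it should be read as "this function contains the idiom", not as a proof of runtime order; the unresolved flag at 008FB1FD is why a human still has to look at the disassembly before calling the attach/detach pairs balanced.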
APIs
• _free.LIBCMT ref: 008C2C94
  • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
  • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
• _free.LIBCMT ref: 008C2CA0
• _free.LIBCMT ref: 008C2CAB
• _free.LIBCMT ref: 008C2CB6
• _free.LIBCMT ref: 008C2CC1
• _free.LIBCMT ref: 008C2CCC
• _free.LIBCMT ref: 008C2CD7
• _free.LIBCMT ref: 008C2CE2
• _free.LIBCMT ref: 008C2CED
• _free.LIBCMT ref: 008C2CFB
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: a914d3e7c6fe58741ccb58ec5973b97af373b4062e703c5bf111f1af9fd8cdaa
• Instruction ID: 44efd02d7a48ebfda3c8ba9c484c4a5f93dccae19e39a68b900f73ae2b80d4d5
• Opcode Fuzzy Hash: a914d3e7c6fe58741ccb58ec5973b97af373b4062e703c5bf111f1af9fd8cdaa
• Instruction Fuzzy Hash: 1911A476100108AFCB02EF58D882EDD3FB5FF05350F4144A9FA489F2A2DA31EE549B91
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00907FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 00907FC1
• GetFileAttributesW.KERNEL32(?), ref: 00907FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00908005
• SetCurrentDirectoryW.KERNEL32(?), ref: 00908017
• SetCurrentDirectoryW.KERNEL32(?), ref: 00908060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 009080B0
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 52bf7d7ed4a8ca194296bdcaf3355c54a3fcf8e6d7e15eb6bf1b952e5f461206
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a47f3ff0437cfa1a50e4d3cd6a9bb8835ba6c9fa3da0cdff0a7b2751670fbd84
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 52bf7d7ed4a8ca194296bdcaf3355c54a3fcf8e6d7e15eb6bf1b952e5f461206
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 188171729082459FCB20EF54C4449AEF7E8FF85320F544C6AF885D72A1EB35ED458B52
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EB), ref: 00895C7A
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00895D0A: GetClientRect.USER32(?,?), ref: 00895D30
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00895D0A: GetWindowRect.USER32(?,?), ref: 00895D71
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00895D0A: ScreenToClient.USER32(?,?), ref: 00895D99
                                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32 ref: 008D46F5
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 008D4708
                                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 008D4716
                                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 008D472B
                                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 008D4733
                                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 008D47C4
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                                                                                                      • String ID: U
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 942bf70a074cb66d8ac384a4d4cef6154cb2e1351e0ad48432ad3a6d264a9c55
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bdb0eb8e32ee6b4b970927fe0846d82af1f0c5fb693089a10d533f37a831c259
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 942bf70a074cb66d8ac384a4d4cef6154cb2e1351e0ad48432ad3a6d264a9c55
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3171E231404209DFCF219F64C984ABA7BB5FF4A368F18536AE956DA2A6C731CC41DF50
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 009035E4
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00962390,?,00000FFF,?), ref: 0090360A
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4099089115-2391861430
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 15e7ebc9e018f61de32bee3dbcd4751e5a2ddfacc25ff0c3a8e64dbc29463289
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d60ba9a409a506c0ef6bcd4fcbf5fe3e799f997b87ced9881b5e3e224345908a
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 15e7ebc9e018f61de32bee3dbcd4751e5a2ddfacc25ff0c3a8e64dbc29463289
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F0516F71800209BADF15FBA4DC42EEEBB38FF54304F084129F505B21A1EB711B99DBA2
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008A912D: GetCursorPos.USER32(?), ref: 008A9141
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008A912D: ScreenToClient.USER32(00000000,?), ref: 008A915E
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008A912D: GetAsyncKeyState.USER32(00000001), ref: 008A9183
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008A912D: GetAsyncKeyState.USER32(00000002), ref: 008A919D
                                                                                                                                                                                                                                                                                                                                                                      • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00928B6B
                                                                                                                                                                                                                                                                                                                                                                      • ImageList_EndDrag.COMCTL32 ref: 00928B71
                                                                                                                                                                                                                                                                                                                                                                      • ReleaseCapture.USER32 ref: 00928B77
• SetWindowTextW.USER32(?,00000000), ref: 00928C12
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00928C25
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00928CFF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID
• API String ID: 1924731296-2107944366
• Opcode ID: 31c047a030ac3cb0f34df6cf59d3e82c85392a47569017e8de089b01f8367780
• Instruction ID: 64cc4a536cb2ce79d394cb19ddef21e2aa93fbe1dc46f5217adcd41801b497e6
• Opcode Fuzzy Hash: 31c047a030ac3cb0f34df6cf59d3e82c85392a47569017e8de089b01f8367780
• Instruction Fuzzy Hash: B7518C71109310AFDB14EF14EC56FAA77E4FB88714F04062DF996A72A1DB719904CBA2
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0090C272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0090C29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0090C2CA
• GetLastError.KERNEL32 ref: 0090C322
• SetEvent.KERNEL32(?), ref: 0090C336
• InternetCloseHandle.WININET(00000000), ref: 0090C341
Strings
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: 2bddb202dfc7735a62b60d5f7c3f7b5e446e24cf17321124b9196e66395d708f
• Instruction ID: 02b86dd8b438f6edf2629612205e96fd490e87981a5fb455e718ea514ec2647f
• Opcode Fuzzy Hash: 2bddb202dfc7735a62b60d5f7c3f7b5e446e24cf17321124b9196e66395d708f
• Instruction Fuzzy Hash: C5314AF1614608AFD7219FA48C88AAF7BFCEB49744F14861EF446D2290DB34DD05ABA1
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,008D3AAF,?,?,Bad directive syntax error,0092CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 008F98BC
• LoadStringW.USER32(00000000,?,008D3AAF,?), ref: 008F98C3
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 008F9987
Strings
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
• Opcode ID: b6b44f97512124582d1a5c00aa95c0f07861888ed38bb5d343d073a1fb342c91
• Instruction ID: d76ce5f9376e9eee21f24cd39e9b140ff04cf3adce5ffa04eaee748110f59839
• Opcode Fuzzy Hash: b6b44f97512124582d1a5c00aa95c0f07861888ed38bb5d343d073a1fb342c91
• Instruction Fuzzy Hash: 8121943194421EABDF11EFA4CC06EFE7739FF14305F084469F615A20A2DB719618DB61
APIs
• GetParent.USER32 ref: 008F20AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 008F20C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 008F214D
Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
APIs
• SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00925186
• ShowWindow.USER32(?,00000000), ref: 009251C7
• ShowWindow.USER32(?,00000005,?,00000000), ref: 009251CD
• SetFocus.USER32(?,?,00000005,?,00000000), ref: 009251D1
  • Part of subcall function 00926FBA: DeleteObject.GDI32(00000000), ref: 00926FE6
• GetWindowLongW.USER32(?,000000F0), ref: 0092520D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 0092521A
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0092524D
• SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00925287
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00925296
Similarity
• API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
• String ID:
• API String ID: 3210457359-0
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 008E6890
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 008E68A9
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 008E68B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 008E68D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 008E68F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,008A8874,00000000,00000000,00000000,000000FF,00000000), ref: 008E6901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 008E691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,008A8874,00000000,00000000,00000000,000000FF,00000000), ref: 008E692D
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0090C182
• GetLastError.KERNEL32 ref: 0090C195
• SetEvent.KERNEL32(?), ref: 0090C1A9
  • Part of subcall function 0090C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0090C272
  • Part of subcall function 0090C253: GetLastError.KERNEL32 ref: 0090C322
  • Part of subcall function 0090C253: SetEvent.KERNEL32(?), ref: 0090C336
  • Part of subcall function 0090C253: InternetCloseHandle.WININET(00000000), ref: 0090C341
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
APIs
  • Part of subcall function 008F3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008F3A57
  • Part of subcall function 008F3A3D: GetCurrentThreadId.KERNEL32 ref: 008F3A5E
  • Part of subcall function 008F3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008F25B3), ref: 008F3A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 008F25BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008F25DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 008F25DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 008F25E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 008F2601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 008F2605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 008F260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 008F2623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 008F2627
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e95d4c387bd40c9cdca2bd437a89292d89c5aa85cdda6888b2585fed9babbd29
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f77a267d32ef716d258bace6ee74fdc6293bbbde877ef7c322e3478f8e2319e8
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e95d4c387bd40c9cdca2bd437a89292d89c5aa85cdda6888b2585fed9babbd29
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD01D870398624BBFB2067799C8AF693F59EF4EB11F100001F314EE0D1C9E214459A6A
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,008F1449,?,?,00000000), ref: 008F180C
                                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,008F1449,?,?,00000000), ref: 008F1813
                                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,008F1449,?,?,00000000), ref: 008F1828
                                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,?,008F1449,?,?,00000000), ref: 008F1830
                                                                                                                                                                                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,008F1449,?,?,00000000), ref: 008F1833
                                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,008F1449,?,?,00000000), ref: 008F1843
                                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(008F1449,00000000,?,008F1449,?,?,00000000), ref: 008F184B
                                                                                                                                                                                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,008F1449,?,?,00000000), ref: 008F184E
                                                                                                                                                                                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,008F1874,00000000,00000000,00000000), ref: 008F1868
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 99af5b302d9eb31b970c33e62164138d4c1b8c2d8ab357b29a8a666af843d74a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 03fbc42c9d77d270aef798b8138161c2192076bc61d1027d5f973eb94812426e
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99af5b302d9eb31b970c33e62164138d4c1b8c2d8ab357b29a8a666af843d74a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6801BFB5654308BFE720AB75DC4EF6B3B6CEB89B11F104411FA05DB192C6749815DB60
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008FD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 008FD501
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008FD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 008FD50F
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008FD4DC: CloseHandle.KERNEL32(00000000), ref: 008FD5DC
                                                                                                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0091A16D
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0091A180
                                                                                                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0091A1B3
                                                                                                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 0091A268
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 0091A273
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0091A2C4
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                                                                      • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9df9002dce82d186b21ce223c2c325d5fb4c4fcec62bb5b134246ae355841230
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 883c526dfcb28e557081e0bad2f8abaae1f50d9bf9dfc8ed8e85190b28f749e2
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9df9002dce82d186b21ce223c2c325d5fb4c4fcec62bb5b134246ae355841230
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9661B271309241AFD720DF18C494F69BBE5AF44318F58848CE4668B7A3C776ED85CB92
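The function above is the report's clearest behavioural chain: a Toolhelp32 process walk (CreateToolhelp32Snapshot / Process32FirstW in the subcall), OpenProcess with desired access 0x00000001, TerminateProcess, and the string SeDebugPrivilege nearby. When triaging many such blocks it helps to parse the "APIs" lines mechanically rather than read them by eye. The helper below is an added example written for this page, not Joe Sandbox code; the line format is inferred from the entries shown here (the `•` bullet, `Name.MODULE(args), ref: ADDR`, and the optional `Part of subcall function ADDR:` prefix), the sample block is copied from the routine above, and the access-mask names are the documented Win32 PROCESS_* constants. It parses the block, decodes the OpenProcess access mask (0x00000001 is PROCESS_TERMINATE, the minimum right needed to kill a process) and reports whether the enumerate-open-terminate chain is present.

```python
"""Parse the per-function "APIs" lines of a Joe Sandbox code-analysis block.

Added example for this report; the line format is inferred from the entries on
this page, not taken from a Joe Sandbox specification.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the API lines of the process-termination routine on this page.
SAMPLE_BLOCK = """\
  • Part of subcall function 008FD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 008FD501
  • Part of subcall function 008FD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 008FD50F
  • Part of subcall function 008FD4DC: CloseHandle.KERNEL32(00000000), ref: 008FD5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0091A16D
• GetLastError.KERNEL32 ref: 0091A180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0091A1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 0091A268
• GetLastError.KERNEL32(00000000), ref: 0091A273
• CloseHandle.KERNEL32(00000000), ref: 0091A2C4
"""

# Documented Win32 process access rights (winnt.h); used to decode OpenProcess's first argument.
PROCESS_ACCESS: Dict[int, str] = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x00100000: "SYNCHRONIZE",
}

# One report line: optional subcall prefix, Api.MODULE, optional (args), then "ref: ADDR".
_LINE_RE = re.compile(
    r"""^\s*•\s*
        (?:Part\ of\ subcall\ function\ (?P<subcall>[0-9A-Fa-f]+):\s*)?
        (?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)
        (?:\((?P<args>[^)]*)\))?
        ,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$""",
    re.VERBOSE,
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]          # raw hex words or "?" where the sandbox did not recover the value
    ref: str                 # address of the call site
    subcall: Optional[str]   # callee address when the report marks the call as nested


def parse_api_lines(block: str) -> List[ApiCall]:
    """Return the calls in report order; header lines ("APIs", "Strings") and blanks are skipped."""
    calls: List[ApiCall] = []
    for line in block.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("api"), m.group("module"), args, m.group("ref"), m.group("subcall")))
    return calls


def decode_process_access(value: str) -> List[str]:
    """Translate an OpenProcess dwDesiredAccess word into PROCESS_* names; unknown bits stay as hex."""
    if value == "?":
        return ["<not recovered>"]
    mask = int(value, 16)
    names = [name for bit, name in PROCESS_ACCESS.items() if mask & bit]
    leftover = mask & ~sum(PROCESS_ACCESS)
    if leftover:
        names.append(hex(leftover))
    return names


def summarize_kill_routine(calls: List[ApiCall]) -> dict:
    """Flag the enumerate -> OpenProcess -> TerminateProcess chain and the access rights requested."""
    apis = {c.api for c in calls}
    enumerates = bool({"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"} & apis)
    opens = [c for c in calls if c.api == "OpenProcess"]
    access = sorted({n for c in opens for n in decode_process_access(c.args[0] if c.args else "?")})
    terminates = "TerminateProcess" in apis
    return {
        "enumerates_processes": enumerates,
        "open_process_access": access,
        "terminates": terminates,
        "kill_chain": enumerates and bool(opens) and terminates,
    }


if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE_BLOCK)
    for c in parsed:
        print(f"{c.ref}: {c.api}.{c.module}({', '.join(c.args)})" + (f"  [subcall {c.subcall}]" if c.subcall else ""))
    print(summarize_kill_routine(parsed))
```

The two OpenProcess calls both request only PROCESS_TERMINATE, which is consistent with a routine whose sole purpose is to kill the enumerated process; if the mask had included PROCESS_VM_WRITE or PROCESS_CREATE_THREAD you would look for injection rather than termination in the surrounding code.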
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00923925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0092393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00923954
• _wcslen.LIBCMT ref: 00923999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 009239C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 009239F4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
• Opcode ID: 7a69ffa917d2c099f61d12b6a1dfb0ff74a9cf27642926eb2ceb2a37b08417f6
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c24a98d36e7a39e2d7f04e1932bfdb42f53ad40edc2cd799f9a9f4e8a8a6cf2c
• Instruction Fuzzy Hash: 1441E371A00229ABEF21DF64DC49BEE7BA9FF48350F104526F948E7281D7759E80CB90
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 008FBCFD
• IsMenu.USER32(00000000), ref: 008FBD1D
• CreatePopupMenu.USER32 ref: 008FBD53
• GetMenuItemCount.USER32(01805490), ref: 008FBDA4
• InsertMenuItemW.USER32(01805490,?,00000001,00000030), ref: 008FBDCC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID: 987f02535a557b8da7e31a1114d158a99d9c1622bfc19cbcf2622e8261ea4012
• Instruction ID: a8bf5a1e54c077571426a5d8c7dda42190721c91f3d3ad9e3e677d636f1f70fd
• Instruction Fuzzy Hash: F0518BB0A0420D9BDB20EFB8D884BBEBBF8FF45354F244219E611D7290D7709941CB62
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 008FC913
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Opcode ID: b8b1e625ad6e242cd2821769d9ffc472e5d8f27e83b3c44429fb2d7b49debd01
• Instruction ID: 6b310c81f503970b8d07e0269d7988fd40b94b18808822213c162f5437439613
• Instruction Fuzzy Hash: 2C11083178930EBAEB009B749D83CBE6B9CFF15359B50102AFA00E6282E7A19F045265
APIs
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
• Opcode ID: 5de8fb07c11c1bf597eed7ba070b565e410bac05b79297984b34a80230683c33
• Instruction ID: deea6066a7a2490dc106dfba7ae934723f1e1cb5b7524f379c7cc2935fd57940
• Instruction Fuzzy Hash: 4D416265C1021C76DB11EBF88C8A9DFB7A8FF45710F508566E618E3222FB34E255C3A6
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,008E682C,00000004,00000000,00000000), ref: 008AF953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,008E682C,00000004,00000000,00000000), ref: 008EF3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,008E682C,00000004,00000000,00000000), ref: 008EF454
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b6d0614ff77118a3ac6f6da44f5a0f935faf209b9489ba60468bba30c1b5635a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b9edc3e684533a956897458bc64c2337372bbf3e848e6df45fb083d060d043ba
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6d0614ff77118a3ac6f6da44f5a0f935faf209b9489ba60468bba30c1b5635a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2F411830218680BAE7788B69888876B7F91FB47318F1C443CE387D2E63C631A881DB51
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00922D1B
                                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 00922D23
                                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00922D2E
                                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00922D3A
                                                                                                                                                                                                                                                                                                                                                                      • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00922D76
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00922D87
                                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00925A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00922DC2
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00922DE1
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: cf999a35aa5e2a1729b1a0c4766e84fd22305935c75f9694703032435f2fe795
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7df2cdf0a111df0c90be60eb25a8acf81daa08e9199bd1a33d575fb0cc8d0140
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cf999a35aa5e2a1729b1a0c4766e84fd22305935c75f9694703032435f2fe795
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B317AB2215224BFEB218F50DC8AFEB3BADEF09715F044055FE089A291C6759C51CBA4
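The API listings above are written one call per line as `Function.MODULE(args), ref: callsite`, with `?` where the sandbox could not recover an argument. The following Python is an added example, not part of the Joe Sandbox report or of the analysed sample: it parses lines in that form and resolves the argument values whose meaning is fixed by the Win32 prototype, so that, for instance, the `0000005A` passed to GetDeviceCaps reads as LOGPIXELSY and the `00000030` passed to SendMessageW reads as WM_SETFONT, which is how one sees at a glance that these two functions are AutoIt GUI set-up (DPI-scaled CreateFontW followed by WM_SETFONT) rather than the behaviour the Credential Flusher signature fires on. The sample text is copied from the listing above (the GetCPInfo line from the report is trimmed to four arguments); the constant tables are the author's, cover only the values the example needs, and the choice of which argument positions to decode is an assumption, not something the report states.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: API lines copied from the Joe Sandbox listing above.
# The last line is the report's GetCPInfo call trimmed to its first four
# arguments so the sample stays short.
SAMPLE_LINES = """\
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,008E682C,00000004,00000000,00000000), ref: 008EF3D1
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00922D2E
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00922D87
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00922DE1
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF), ref: 008D15CE
"""

# Shape of one report line: optional bullet/indent, Function.MODULE(args), ref: hex
LINE_RE = re.compile(
    r"^\W*(?P<func>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# (function, zero-based argument index) -> {value: symbolic name}.
# Assumption by the example's author: only positions whose meaning is fixed by
# the Win32 prototype are listed, and only constants needed for the sample.
ARG_DECODERS: Dict[tuple, Dict[int, str]] = {
    ("ShowWindow", 1): {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED",
                        6: "SW_MINIMIZE", 9: "SW_RESTORE"},      # nCmdShow
    ("GetDeviceCaps", 1): {88: "LOGPIXELSX", 90: "LOGPIXELSY"},  # index
    ("SendMessageW", 1): {0x0030: "WM_SETFONT", 0x0142: "CB_SETEDITSEL"},  # Msg
    ("GetCPInfo", 0): {0: "CP_ACP", 1: "CP_OEMCP"},              # CodePage
}


@dataclass
class ApiCall:
    func: str
    module: str
    args: List[Optional[int]]          # int for a recovered value, None for "?"
    ref: int                           # call-site address from "ref:"
    decoded: Dict[int, str] = field(default_factory=dict)  # arg index -> name


def parse_line(line: str) -> Optional[ApiCall]:
    """Parse one report line; return None for lines that are not API calls."""
    m = LINE_RE.match(line)
    if not m:
        return None
    raw = [a.strip() for a in m["args"].split(",") if a.strip() != ""]
    args = [None if a == "?" else int(a, 16) for a in raw]
    func = m["func"]
    decoded = {}
    for idx, val in enumerate(args):
        table = ARG_DECODERS.get((func, idx))
        if table is not None and val in table:
            decoded[idx] = table[val]
    return ApiCall(func, m["module"], args, int(m["ref"], 16), decoded)


def parse_listing(text: str) -> List[ApiCall]:
    """Parse every API line in a block of report text, skipping headers."""
    return [c for c in (parse_line(l) for l in text.splitlines()) if c is not None]


def describe(call: ApiCall) -> str:
    """Render a call with decoded constants shown beside their raw values."""
    parts = []
    for i, v in enumerate(call.args):
        if v is None:
            parts.append("?")
        elif i in call.decoded:
            parts.append(f"{call.decoded[i]}(0x{v:X})")
        else:
            parts.append(f"0x{v:X}")
    return f"{call.module}!{call.func}({', '.join(parts)}) @ 0x{call.ref:08X}"


if __name__ == "__main__":
    for call in parse_listing(SAMPLE_LINES):
        print(describe(call))
```

Unrecognised lines (the "Memory Dump Source" and "Similarity" headers, the hash lines) are skipped rather than rejected, so the whole report block can be fed in unchanged. Arguments the sandbox printed as `?` stay `None` so a missing value is never mistaken for a zero handle.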
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: afd0015c3864effba1b3b7138aaf5211446b7d117d1529414c380ebe5c775454
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 587c5781fb5d35efe99cf11b737aa51f0b236b1a89fdb15a928aad88ecbc0fb6
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: afd0015c3864effba1b3b7138aaf5211446b7d117d1529414c380ebe5c775454
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 62219561644A1D77D654A6349DA6FFA239CFE74388F840030FF15DE785F728ED1081A6
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Opcode ID: 337a5b42f2ac99e128e58748f8a585e9961d7def743643b8a998a2c691563cbe
• Instruction ID: 2e9998836d09ea10ee8993069c719fc066fc11af14b400dfe30d59f337850f8d
• Opcode Fuzzy Hash: 337a5b42f2ac99e128e58748f8a585e9961d7def743643b8a998a2c691563cbe
• Instruction Fuzzy Hash: 26D17071B0060AEFDB10DF98D881BEEB7B9BF88344F168469E915AB281D770DD85CB50
APIs
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,008D17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 008D15CE
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,008D17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008D1651
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,008D17FB,?,008D17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008D16E4
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,008D17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008D16FB
  • Part of subcall function 008C3820: RtlAllocateHeap.NTDLL(00000000,?,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6,?,00891129), ref: 008C3852
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,008D17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008D1777
• __freea.LIBCMT ref: 008D17A2
• __freea.LIBCMT ref: 008D17AE
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• API String ID: 2829977744-0
• Opcode ID: 4d3ff908644795f8437521da289979f495ec2efce203045aeca2c3f9bef40b9a
• Instruction ID: 77cfe1a7553a3ed8c882aae1bec261e55b6a3b81e917058962b7eac9ea85fe6f
• Opcode Fuzzy Hash: 4d3ff908644795f8437521da289979f495ec2efce203045aeca2c3f9bef40b9a
• Instruction Fuzzy Hash: F091C271F0021AAADF208E64D889AEE7BB5FF49714F18475AE805E7351DB39DD40CBA0
APIs
Strings
Similarity
• API ID: Variant$ClearInit
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2610073882-625585964
• Opcode ID: ff3e380480bf8ed0995372002faa6c01269f7b27cd3d6accf242f5a7601a132a
• Instruction ID: 5ef03288b82c24aa63e82c84709917b15589a1eca57935d92fbb799d5af697dd
• Opcode Fuzzy Hash: ff3e380480bf8ed0995372002faa6c01269f7b27cd3d6accf242f5a7601a132a
• Instruction Fuzzy Hash: 6F917E71A00219ABDF20CFA5DC44FEEBBB8EF4A715F108559F515AB280D7709985CFA0
APIs
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0090125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00901284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 009012A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009012D8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0090135F
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009013C4
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00901430
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
• Opcode ID: 5d829e6a3c7029c05f4de04e7698577064b34f1a8c9ad40ddfc84b5229f85426
• Instruction ID: f8d4fcf2b37ea6b277d9bc111c26ad70056283df16f82a4d34452c989ecf17ae
• Opcode Fuzzy Hash: 5d829e6a3c7029c05f4de04e7698577064b34f1a8c9ad40ddfc84b5229f85426
• Instruction Fuzzy Hash: BC910471A00219AFEB00DFA8C884BBEB7B9FF45314F144429E951EB2E1D778E941CB91
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6085ff2506db088b20c7c5a03fe3925442d3a5cb2c9821974ed04c834f2bcd9d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a1145ac603871512a19b94177d030b28bc5be733185f826afa8610ddd4937af2
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6085ff2506db088b20c7c5a03fe3925442d3a5cb2c9821974ed04c834f2bcd9d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A913471D08219EFDB10CFA9C885AEEBBB9FF4A320F148049E555F7251D374AA42CB60
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0091396B
                                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 00913A7A
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00913A8A
                                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00913C1F
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00900CDF: VariantInit.OLEAUT32(00000000), ref: 00900D1F
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00900CDF: VariantCopy.OLEAUT32(?,?), ref: 00900D28
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00900CDF: VariantClear.OLEAUT32(?), ref: 00900D34
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9cf1358893a9e8e2dda47f195d7e9ef1b38af3228a62bfcbbd1e18b1f05732df
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 732dc732ba238b740dc02f7b86bf293bf638c2e96c937c632ea5b7752f5665f0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9cf1358893a9e8e2dda47f195d7e9ef1b38af3228a62bfcbbd1e18b1f05732df
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6A9126746083059FCB14EF28C4809AAB7E8FF89314F14892DF89A97351DB30EE45CB92
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?,?,008F035E), ref: 008F002B
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?), ref: 008F0046
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?), ref: 008F0054
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?), ref: 008F0064
                                                                                                                                                                                                                                                                                                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00914C51
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00914D59
                                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00914DCF
                                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(?), ref: 00914DDA
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                      • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f4787ded3262c71f9a48ab0330593c2ea8c66c47bb5a0e0a42983c66f31f1953
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7c58e249d08aba12c737af15b8ae531fad84510eb952425e47a8e2c47637133a
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f4787ded3262c71f9a48ab0330593c2ea8c66c47bb5a0e0a42983c66f31f1953
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86911671D0021DAFDF14DFA4D891AEEB7B9FF08310F108569E915A7291EB349A44CFA1
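The "APIs" blocks above are readable one at a time, but a report of this size has thousands of them, and the interesting argument values are easy to miss while scrolling. The following Python is an added example, not part of the Joe Sandbox report and not code from the analysed sample: it parses entries in exactly the format used on this page (the sample input is copied from the blocks at 00914C51 and 00922183) and decodes the few Win32 constants that fix the meaning of a call. In those blocks, 00000015 passed to CoCreateInstanceEx is CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER, 00000400 passed to GetMenuStringW is MF_BYPOSITION, and 00000111 passed to PostMessageW is WM_COMMAND. The constant tables, the treatment of indented "Part of subcall function" entries as callee activity, and the helper names are assumptions of the example. One caveat the parser does not hide: the analyzer prints a fixed window of stack slots, so a line can show more values than the API takes (CoInitializeSecurity has nine parameters; its line lists twelve), and positions past the documented arity are stack contents, not arguments.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: lines copied verbatim from two "APIs" blocks of this
# report (the functions whose calls sit at 00914C51 and 00922183). The "APIs"
# header is included to show that non-entry lines are skipped.
SAMPLE_COM_BLOCK = """\
APIs
  • Part of subcall function 008F000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?,?,008F035E), ref: 008F002B
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00914C51
• _wcslen.LIBCMT ref: 00914D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00914DCF
• CoTaskMemFree.OLE32(?), ref: 00914DDA
"""
SAMPLE_MENU_BLOCK = """\
APIs
• GetMenu.USER32(?), ref: 00922183
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 009221DD
• GetSubMenu.USER32(?,?), ref: 0092225B
  • Part of subcall function 008F3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008F25B3), ref: 008F3A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 009222E3
"""

LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<callee>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?"
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Assumed constant tables: just the Win32 values needed to read the blocks above.
WM_NAMES: Dict[int, str] = {0x0010: "WM_CLOSE", 0x0111: "WM_COMMAND", 0x0112: "WM_SYSCOMMAND"}
CLSCTX_FLAGS: Dict[int, str] = {0x1: "CLSCTX_INPROC_SERVER", 0x2: "CLSCTX_INPROC_HANDLER",
                                0x4: "CLSCTX_LOCAL_SERVER", 0x10: "CLSCTX_REMOTE_SERVER"}
MF_BYPOSITION = 0x400

@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]     # None where the analyzer printed "?"
    ref: int                      # call-site address from "ref:"
    callee: Optional[int] = None  # set for "Part of subcall function X" entries

def _parse_arg(tok: str) -> Optional[int]:
    tok = tok.strip()
    return None if tok == "?" else int(tok, 16)   # int() accepts "-C000001E"

def parse_api_block(text: str) -> List[ApiCall]:
    """Parse one APIs block; lines that are not API entries are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw, callee = m.group("args"), m.group("callee")
        calls.append(ApiCall(m.group("api"), m.group("module"),
                             [_parse_arg(t) for t in raw.split(",")] if raw else [],
                             int(m.group("ref"), 16), int(callee, 16) if callee else None))
    return calls

def direct_calls(calls: List[ApiCall]) -> List[ApiCall]:
    """Drop entries attributed to callees; what remains is the function's own call list."""
    return [c for c in calls if c.callee is None]

def _flag_names(value: int, table: Dict[int, str]) -> str:
    names = [name for bit, name in table.items() if value & bit]
    leftover = value & ~sum(table)
    return "|".join(names + ([hex(leftover)] if leftover else [])) or "0"

def decode_call(c: ApiCall) -> Optional[str]:
    """Name the argument whose meaning is fixed by the API, where the analyzer resolved it."""
    def arg(i: int) -> Optional[int]:
        return c.args[i] if i < len(c.args) else None
    if c.api in ("PostMessageW", "PostMessageA", "SendMessageW", "SendMessageA") and arg(1) is not None:
        return f"msg 0x{arg(1):04X} = {WM_NAMES.get(arg(1), 'unknown')}"
    if c.api in ("GetMenuStringW", "GetMenuStringA") and arg(4) is not None:
        return "MF_BYPOSITION" if arg(4) & MF_BYPOSITION else "MF_BYCOMMAND"
    if c.api in ("CoCreateInstanceEx", "CoCreateInstance") and arg(2) is not None:
        return "dwClsCtx = " + _flag_names(arg(2), CLSCTX_FLAGS)
    return None

def summarize(text: str) -> List[str]:
    """One line per direct call: 'ref api.module [decoded note]'."""
    out = []
    for c in direct_calls(parse_api_block(text)):
        note = decode_call(c)
        out.append(f"{c.ref:08X} {c.api}.{c.module}" + (f"  [{note}]" if note else ""))
    return out

if __name__ == "__main__":
    for block in (SAMPLE_COM_BLOCK, SAMPLE_MENU_BLOCK):
        print("\n".join(summarize(block)), end="\n\n")
```

Run against the whole exported report text, `parse_api_block` returns every entry and `direct_calls` keeps only a function's own imports, which is what the "API ID" line of each Similarity block is derived from. The menu block is worth reading decoded: GetMenu, GetMenuStringW with MF_BYPOSITION, GetSubMenu and then PostMessageW with WM_COMMAND is the sequence a program uses to drive another window's menu by item text, and the shape is consistent with the AutoIt runtime's WinMenuSelectItem, which is expected given the AUTOIT.ERROR string in the block above. That chain is runtime library code, not by itself an indicator; the detections listed at the top of the report are what mark the sample.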
APIs
• GetMenu.USER32(?), ref: 00922183
• GetMenuItemCount.USER32(00000000), ref: 009221B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 009221DD
• _wcslen.LIBCMT ref: 00922213
• GetMenuItemID.USER32(?,?), ref: 0092224D
• GetSubMenu.USER32(?,?), ref: 0092225B
  • Part of subcall function 008F3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008F3A57
  • Part of subcall function 008F3A3D: GetCurrentThreadId.KERNEL32 ref: 008F3A5E
  • Part of subcall function 008F3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008F25B3), ref: 008F3A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 009222E3
  • Part of subcall function 008FE97B: Sleep.KERNEL32 ref: 008FE9F3
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: cdedae95e984fb1f958b23f1e42f9c98ffd17f17b2f6ef7f93e4f36bdf6adca9
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bd33319314f0ca079cb8be9c1da693646763d9b62e369a2f5d24e917e0298903
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cdedae95e984fb1f958b23f1e42f9c98ffd17f17b2f6ef7f93e4f36bdf6adca9
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6771CF75A04215EFCB14EFA8D881AAEB7F5FF48310F148458E926EB355DB35EE018B90
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • IsWindow.USER32(01805620), ref: 00927F37
                                                                                                                                                                                                                                                                                                                                                                      • IsWindowEnabled.USER32(01805620), ref: 00927F43
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0092801E
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(01805620,000000B0,?,?), ref: 00928051
                                                                                                                                                                                                                                                                                                                                                                      • IsDlgButtonChecked.USER32(?,?), ref: 00928089
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(01805620,000000EC), ref: 009280AB
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 009280C3
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4072528602-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 85b186346edee454a762078b45dd2ded26b9df1c0b41c03eec2a89fcba33626b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 373a4acfe1128064269708c3973d68d8ac363e24c30fee13a76b4324c2cb5ee0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 85b186346edee454a762078b45dd2ded26b9df1c0b41c03eec2a89fcba33626b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E771C27460D224AFEB209F94ED84FFABBB9FF09300F140459F945A72A9CB31A845DB11
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32(?), ref: 008FAEF9
                                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 008FAF0E
                                                                                                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 008FAF6F
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000010,?), ref: 008FAF9D
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000011,?), ref: 008FAFBC
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000012,?), ref: 008FAFFD
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,0000005B,?), ref: 008FB020
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 634bb1e444bd1849c31ddfbc6d8d9a6361e9ea2c103833bd2436081605173ce1
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9e2a8b006d06ee5c0f006963ffa10fea6fb79e6d347324b9c7defab91ca16186
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 634bb1e444bd1849c31ddfbc6d8d9a6361e9ea2c103833bd2436081605173ce1
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A751E5E06147D93DFB364234CC45BBA7EA9FB06314F088589E2E9D94C2C798ACC4D761
APIs
• GetParent.USER32(00000000), ref: 008FAD19
• GetKeyboardState.USER32(?), ref: 008FAD2E
• SetKeyboardState.USER32(?), ref: 008FAD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 008FADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 008FADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 008FAE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 008FAE38
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
APIs
• GetConsoleCP.KERNEL32(008D3CD6,?,?,?,?,?,?,?,?,008C5BA3,?,?,008D3CD6,?,?), ref: 008C5470
• __fassign.LIBCMT ref: 008C54EB
• __fassign.LIBCMT ref: 008C5506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,008D3CD6,00000005,00000000,00000000), ref: 008C552C
• WriteFile.KERNEL32(?,008D3CD6,00000000,008C5BA3,00000000,?,?,?,?,?,?,?,?,?,008C5BA3,?), ref: 008C554B
• WriteFile.KERNEL32(?,?,00000001,008C5BA3,00000000,?,?,?,?,?,?,?,?,?,008C5BA3,?), ref: 008C5584
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
APIs
• _ValidateLocalCookies.LIBCMT ref: 008B2D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 008B2D53
• _ValidateLocalCookies.LIBCMT ref: 008B2DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 008B2E0C
• _ValidateLocalCookies.LIBCMT ref: 008B2E61
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
APIs
  • Part of subcall function 0091304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0091307A
  • Part of subcall function 0091304E: _wcslen.LIBCMT ref: 0091309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00911112
• WSAGetLastError.WSOCK32 ref: 00911121
• WSAGetLastError.WSOCK32 ref: 009111C9
• closesocket.WSOCK32(00000000), ref: 009111F9
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e9aa77a039887a0dd765558acdf8bd0122ff19a201c9d8a5e5cb14c40b640f3b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 22a35a41bc04913a2de8b766ffa6354d49273f3df5d95f505aa87a030de26cf3
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e9aa77a039887a0dd765558acdf8bd0122ff19a201c9d8a5e5cb14c40b640f3b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F41C171704208BFDB209F18D884BEABBE9FF45324F148059FA199B291D774AD81CBA1
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008FDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,008FCF22,?), ref: 008FDDFD
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008FDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,008FCF22,?), ref: 008FDE16
                                                                                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 008FCF45
                                                                                                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 008FCF7F
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 008FD005
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 008FD01B
                                                                                                                                                                                                                                                                                                                                                                      • SHFileOperationW.SHELL32(?), ref: 008FD061
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c880c18f76dd0ba268155bc24e5077ee26de3664f8bcc1b405367984ea6d4f50
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: edcf2192ab8c5ca1cb3eaa2f4f0cca250430c6179b4fc351566481e6e1f45ccd
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c880c18f76dd0ba268155bc24e5077ee26de3664f8bcc1b405367984ea6d4f50
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8841437194521C5FDF12EBB4CA81AEEB7B9FF48380F1000A6E605EB151EE74A785CB51
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00922E1C
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00922E4F
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00922E84
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00922EB6
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00922EE0
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00922EF1
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00922F0B
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6a92ed916b0888ba1bc6f5b2d4d497c43ef927f246aff564aadca37a0e3cb071
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e01ae4b2c0cdd4ce06c9183b634a134414fd44c1c187d16810481b9aef96ed76
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6a92ed916b0888ba1bc6f5b2d4d497c43ef927f246aff564aadca37a0e3cb071
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 83310630619161AFDB21CF58EC84F6937E5FB9A710F1A0164F9118F2B5CBB1A841EF41
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008F7769
                                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008F778F
• SysAllocString.OLEAUT32(00000000), ref: 008F7792
• SysAllocString.OLEAUT32(?), ref: 008F77B0
• SysFreeString.OLEAUT32(?), ref: 008F77B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 008F77DE
• SysAllocString.OLEAUT32(?), ref: 008F77EC
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 7fbfad4eceb26e00eb914eb77fd0ab8e6e8a5b905aa6f406c2e542c3d39cb9eb
• Instruction ID: e9e6fc68a0eb46b68f965b5e33d84bc5698acfb6ee08f82ada5813b1ff1a96f9
• Opcode Fuzzy Hash: 7fbfad4eceb26e00eb914eb77fd0ab8e6e8a5b905aa6f406c2e542c3d39cb9eb
• Instruction Fuzzy Hash: E7217F7661821DAFEB10AFB8DC88CBB77ACFB097647148025FA15DB161D6709C428BA4
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008F7842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008F7868
• SysAllocString.OLEAUT32(00000000), ref: 008F786B
• SysAllocString.OLEAUT32 ref: 008F788C
• SysFreeString.OLEAUT32 ref: 008F7895
• StringFromGUID2.OLE32(?,?,00000028), ref: 008F78AF
• SysAllocString.OLEAUT32(?), ref: 008F78BD
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 13270559d6691856f6e4fc2f2c613ff8964cd116ded543430733daf6cca642bb
• Instruction ID: 106eef1435e90334adef503a7c21a74bacd9e414670f5ecc175c18d1fa6a5dbd
• Opcode Fuzzy Hash: 13270559d6691856f6e4fc2f2c613ff8964cd116ded543430733daf6cca642bb
• Instruction Fuzzy Hash: 56216571618108AFEB10AFB8DC89DBA77ECFB097607108135FA15CB1A1D674DC41DB68
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 009004F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0090052E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: d3246833ab0382e81860d8326f21dec78413d79018fcee45a3de75b83d72e244
• Instruction ID: f1143f5d1943ad830d9958046cbb5bf798e4b3ed53822f8a4bb72b7ea8ef79bf
• Opcode Fuzzy Hash: d3246833ab0382e81860d8326f21dec78413d79018fcee45a3de75b83d72e244
• Instruction Fuzzy Hash: 322148B5500205AFDB209F2ADC45B9E7BF8AF85724F204A29F8A1D62E0E7709951DF20
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 009005C6
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00900601
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: 190284e45730e21fa3af0b0b23c80e2a3e00c1037b4c5f2655fcf02a371b6645
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f2bf7810041671630fa85112cfae38be9079d18335776ad754fba35c4ef967b2
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 190284e45730e21fa3af0b0b23c80e2a3e00c1037b4c5f2655fcf02a371b6645
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44218E755003059FDB209F69DC04B9A77E9AFD5B20F200B19F8A1E72E0DBB199A1DB20
APIs
  • Part of subcall function 0089600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0089604C
  • Part of subcall function 0089600E: GetStockObject.GDI32(00000011), ref: 00896060
  • Part of subcall function 0089600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0089606A
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00924112
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0092411F
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0092412A
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00924139
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00924145
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
• Opcode ID: 64fd43cc0ddeb635a593b48e198abb2fcaa461eb1be92149fb2b8a4aa9891e83
• Instruction ID: 0efd9c9b96ac09b85b2a438241979306f9ca557c9472af2ace9f678fb67c96b7
• Opcode Fuzzy Hash: 64fd43cc0ddeb635a593b48e198abb2fcaa461eb1be92149fb2b8a4aa9891e83
• Instruction Fuzzy Hash: EA11B6B11502297EEF119F64DC85EE77F5DEF18798F014110FA18A2090C7729C61DBA4
APIs
  • Part of subcall function 008CD7A3: _free.LIBCMT ref: 008CD7CC
• _free.LIBCMT ref: 008CD82D
  • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
  • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
• _free.LIBCMT ref: 008CD838
• _free.LIBCMT ref: 008CD843
• _free.LIBCMT ref: 008CD897
• _free.LIBCMT ref: 008CD8A2
• _free.LIBCMT ref: 008CD8AD
• _free.LIBCMT ref: 008CD8B8
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction ID: 65305edde989446064f66b714a0c882fc34282cb9b7e0cf5fa8ba4d96dc5e5ed
• Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction Fuzzy Hash: 4511F971540B04AAD621BFB4CC46FCB7BBCFF04700F40982DB29DE6892DA75E5098662
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 008FDA74
• LoadStringW.USER32(00000000), ref: 008FDA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 008FDA91
• LoadStringW.USER32(00000000), ref: 008FDA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 008FDADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 008FDAB9
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                                                                                                      • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1eeec99c28fbeff39b36ddf685a2f3e0182db3c69b347328bbcdf80824dfb73a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0f781f505ab670d052c7447d9473b38d5f222099a1790ee591523d8b73c74d20
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1eeec99c28fbeff39b36ddf685a2f3e0182db3c69b347328bbcdf80824dfb73a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E0162F25042187FE720DBA49D89EFF326CEB08305F400492B746E2041E6749E854F74
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(017FE2B8,017FE2B8), ref: 0090097B
                                                                                                                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(017FE298,00000000), ref: 0090098D
                                                                                                                                                                                                                                                                                                                                                                      • TerminateThread.KERNEL32(?,000001F6), ref: 0090099B
                                                                                                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000003E8), ref: 009009A9
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 009009B8
                                                                                                                                                                                                                                                                                                                                                                      • InterlockedExchange.KERNEL32(017FE2B8,000001F6), ref: 009009C8
                                                                                                                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(017FE298), ref: 009009CF
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 857520afe34f80b9ab1e3fef3c817f6b7e41565e80696c08059e1791fc34165d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3e491ae7e93b7133c74f047f371676d6d0f796818ebf393d6248bda8b118b5f8
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 857520afe34f80b9ab1e3fef3c817f6b7e41565e80696c08059e1791fc34165d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 62F01D7145A902EBD7615B94EE89BDA7A29BF41702F501015F111508A1CB749466DF90
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00911DC0
                                                                                                                                                                                                                                                                                                                                                                      • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00911DE1
                                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00911DF2
                                                                                                                                                                                                                                                                                                                                                                      • htons.WSOCK32(?,?,?,?,?), ref: 00911EDB
                                                                                                                                                                                                                                                                                                                                                                      • inet_ntoa.WSOCK32(?), ref: 00911E8C
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F39E8: _strlen.LIBCMT ref: 008F39F2
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00913224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0090EC0C), ref: 00913240
                                                                                                                                                                                                                                                                                                                                                                      • _strlen.LIBCMT ref: 00911F35
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 94e7bc4ac92041bf9b7292eb0318d73f3699c6a014bc3a4d26cbe98ea7f575a3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c9e13be78eadd1bc9490f7bf5f1111db6b7fe40bfd7b22fc91f30e74f43c6b2b
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 94e7bc4ac92041bf9b7292eb0318d73f3699c6a014bc3a4d26cbe98ea7f575a3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7B1C331204304AFD724DF28C885E6A77A5FF85318F58854CF5569B3A2DB71ED82CB92
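The two function listings above are worth more than a glance: the first is a forced thread shutdown (TerminateThread, then WaitForSingleObject and CloseHandle on the same handle, bracketed by a critical section), and the second touches WSOCK32 directly, including one import that the report can only show by ordinal ("#17") because the binary imports it without a name. Two things about the listing format matter when you work from it: the "ref:" addresses are call sites inside the dumped image (image base 0x890000 per the Memory Dump Source), so they must be rebased to RVAs before looking them up in the on-disk PE, and the bullets are not in code order (htons at 00911EDB is listed before inet_ntoa at 00911E8C). The parser below is an added example written by the editor, not part of the Joe Sandbox report or its tooling. It reads listings in exactly this layout, sorts each function's direct calls by address, rebases them, and flags the two patterns just described; the sample text is constructed from lines of this report, the pattern names are the editor's, and the ordinal import is reported as unresolved rather than given a name the page does not support.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from this report, in the layout Joe Sandbox
# uses in its "Functions" section (an "APIs" header, bullet lines, then the
# "Memory Dump Source" block with the image base as "Offset").
SAMPLE = """\
APIs
• InterlockedExchange.KERNEL32(017FE2B8,017FE2B8), ref: 0090097B
• EnterCriticalSection.KERNEL32(017FE298,00000000), ref: 0090098D
• TerminateThread.KERNEL32(?,000001F6), ref: 0090099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 009009A9
• CloseHandle.KERNEL32(?), ref: 009009B8
• InterlockedExchange.KERNEL32(017FE2B8,000001F6), ref: 009009C8
• LeaveCriticalSection.KERNEL32(017FE298), ref: 009009CF
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
APIs
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00911DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00911DE1
• WSAGetLastError.WSOCK32 ref: 00911DF2
• htons.WSOCK32(?,?,?,?,?), ref: 00911EDB
• inet_ntoa.WSOCK32(?), ref: 00911E8C
  • Part of subcall function 008F39E8: _strlen.LIBCMT ref: 008F39F2
  • Part of subcall function 00913224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0090EC0C), ref: 00913240
• _strlen.LIBCMT ref: 00911F35
"""

# One bullet: optional "Part of subcall function <addr>:", then Name.MODULE,
# optional "(args)", optional comma, then "ref: <call-site address>".
CALL_RE = re.compile(
    r"^\s*•\s+(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s+)?"
    r"(?P<name>[^\s.(]+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-Fa-f]+)\s*$"
)
BASE_RE = re.compile(r"Source File:.*Offset:\s*(?P<base>[0-9A-Fa-f]+)")


@dataclass
class Call:
    name: str
    module: str
    args: List[str]
    ref: int                    # call-site address inside the dumped image
    subcall_of: Optional[int]   # callee address when listed as "Part of subcall function"


@dataclass
class Function:
    calls: List[Call] = field(default_factory=list)
    image_base: Optional[int] = None

    def direct_calls(self) -> List[Call]:
        # The report does not list calls in code order; sort by call-site address
        # and leave out calls that belong to callees.
        return sorted((c for c in self.calls if c.subcall_of is None), key=lambda c: c.ref)

    def rva(self, call: Call) -> Optional[int]:
        # Rebase a dump address to an RVA for lookup in the on-disk PE.
        return None if self.image_base is None else call.ref - self.image_base

    def has_sequence(self, names: List[str]) -> bool:
        # True when `names` occur as an ordered subsequence of the direct calls.
        seen = iter(c.name for c in self.direct_calls())
        return all(any(got == want for got in seen) for want in names)


def parse_functions(text: str) -> List[Function]:
    functions: List[Function] = []
    current: Optional[Function] = None
    for line in text.splitlines():
        if line.strip() == "APIs":            # each "APIs" header starts a new function
            current = Function()
            functions.append(current)
            continue
        if current is None:
            continue
        base = BASE_RE.search(line)
        if base:
            current.image_base = int(base.group("base"), 16)
            continue
        m = CALL_RE.match(line)
        if not m:
            continue
        raw_args = m.group("args")
        current.calls.append(Call(
            name=m.group("name"),
            module=m.group("module"),
            args=[a.strip() for a in raw_args.split(",")] if raw_args else [],
            ref=int(m.group("ref"), 16),
            subcall_of=int(m.group("sub"), 16) if m.group("sub") else None,
        ))
    return functions


def triage(fn: Function) -> List[str]:
    """Flag the two patterns visible in this report (pattern names are the editor's)."""
    findings = []
    if fn.has_sequence(["TerminateThread", "WaitForSingleObject", "CloseHandle"]):
        findings.append("forcibly terminates a thread, then waits on and closes its handle")
    winsock = [c for c in fn.calls if c.module.upper() in ("WSOCK32", "WS2_32")]
    if winsock:
        findings.append(f"calls Winsock directly ({len(winsock)} calls)")
    for c in winsock:
        if c.name.startswith("#"):   # "#17" style: import by ordinal, no symbolic name in the report
            findings.append(f"{c.module} import by ordinal {c.name}: resolve against the DLL export table")
    return findings


if __name__ == "__main__":
    for i, fn in enumerate(parse_functions(SAMPLE)):
        print(f"function {i}: image_base={fn.image_base}")
        for c in fn.direct_calls():
            print(f"  {c.ref:08X} rva={fn.rva(c)} {c.name}.{c.module}({', '.join(c.args)})")
        for finding in triage(fn):
            print("  ->", finding)
```

Run it against a larger slice of the report by pasting more "APIs" blocks into SAMPLE; every block that follows the layout above is picked up, and the "Part of subcall function" bullets are kept but excluded from ordering and sequence matching so that a callee's calls are not mistaken for the caller's.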
APIs
• GetClientRect.USER32(?,?), ref: 00895D30
• GetWindowRect.USER32(?,?), ref: 00895D71
• ScreenToClient.USER32(?,?), ref: 00895D99
• GetClientRect.USER32(?,?), ref: 00895ED7
• GetWindowRect.USER32(?,?), ref: 00895EF8
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 75fe73657812472fcfa438f4c16d93a1e25eab13ebe0414d0f4fc8233774502d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8396b3010a3de0f5c93e6b5f9602ba207206a21549e88e703b69f4cf05750eb1
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75fe73657812472fcfa438f4c16d93a1e25eab13ebe0414d0f4fc8233774502d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41B16875A00A4ADBDF10DFA9C4807EEB7F1FF48310F18951AE8AAD7250DB30AA51DB50
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 008C00BA
                                                                                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008C00D6
                                                                                                                                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 008C00ED
                                                                                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008C010B
                                                                                                                                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 008C0122
                                                                                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008C0140
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c81cc3136cad4843ebe30626d44e2ad55db3a3b3989d4093b199840fd3171e95
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2281B471A00B069BE7249E6CCC42FAAB3F9FF51764F24452EF551D6782EB70D9008B51
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,008B82D9,008B82D9,?,?,?,008C644F,00000001,00000001,8BE85006), ref: 008C6258
                                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,008C644F,00000001,00000001,8BE85006,?,?,?), ref: 008C62DE
                                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 008C63D8
                                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 008C63E5
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008C3820: RtlAllocateHeap.NTDLL(00000000,?,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6,?,00891129), ref: 008C3852
                                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 008C63EE
                                                                                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 008C6413
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b77d8afe14024f8bc1b8176401cf181ed45c23648e5510c59450eaf90c41e8f8
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 00a6fa6a01e98331b076555144ebd437dc84c57c9b8fbbb4d7d8c6cb67bc86a7
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b77d8afe14024f8bc1b8176401cf181ed45c23648e5510c59450eaf90c41e8f8
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9651AB72A00256ABEB258E74CC81FAF7BB9FB44750F14463DF805D6281EB34DC61D6A0
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0091C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0091B6AE,?,?), ref: 0091C9B5
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091C9F1
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA68
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA9E
                                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0091BCCA
                                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0091BD25
                                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0091BD6A
                                                                                                                                                                                                                                                                                                                                                                      • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0091BD99
                                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0091BDF3
                                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0091BDFF
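The "APIs" lists in these records are the most useful triage input on the page, but only once they are turned into ordered call chains per function. The following is an added example, not part of the Joe Sandbox report: a parser for the three line shapes the report uses (a direct call with arguments, a LIBCMT reference without arguments, and a "Part of subcall function" entry attributed to a callee), plus a check for the RegConnectRegistryW, RegOpenKeyExW, RegEnumValueW sequence in the record just above. The sample text is copied from the two preceding records on this page; the chain and the `registry_enumerators` heuristic are this example's assumptions about what that sequence indicates, not something the report asserts.

```python
"""Parse the per-function "APIs" lists of a Joe Sandbox code-analysis report
and flag functions whose direct calls contain a registry-enumeration chain."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the two API lists from the records above, separated by the
# "Memory Dump Source" heading exactly as the report lays them out.
SAMPLE = """\
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,008B82D9,008B82D9,?,?,?,008C644F,00000001,00000001,8BE85006), ref: 008C6258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,008C644F,00000001,00000001,8BE85006,?,?,?), ref: 008C62DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 008C63D8
• __freea.LIBCMT ref: 008C63E5
  • Part of subcall function 008C3820: RtlAllocateHeap.NTDLL(00000000,?,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6,?,00891129), ref: 008C3852
• __freea.LIBCMT ref: 008C63EE
• __freea.LIBCMT ref: 008C6413
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
APIs
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
  • Part of subcall function 0091C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0091B6AE,?,?), ref: 0091C9B5
  • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091C9F1
  • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA68
  • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0091BCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0091BD25
• RegCloseKey.ADVAPI32(00000000), ref: 0091BD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0091BD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 0091BDF3
• RegCloseKey.ADVAPI32(?), ref: 0091BDFF
Memory Dump Source
"""

# One API entry: optional subcall prefix, name.MODULE, optional "(args)", then "ref: ADDR".
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<name>[^\s(]+)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]{8})$"
)


@dataclass(frozen=True)
class ApiRef:
    name: str
    module: str
    ref: str                    # call-site address
    args: tuple[str, ...]       # "?" marks an argument the static pass could not resolve
    subcall_of: Optional[str]   # callee address when the entry is "Part of subcall function"


def parse_api_line(line: str) -> Optional[ApiRef]:
    """Return an ApiRef for one bullet line, or None if it is not an API entry."""
    body = line.strip().lstrip("•").strip()
    m = API_RE.match(body)
    if m is None:
        return None
    raw = m.group("args")
    args = tuple(raw.split(",")) if raw else ()
    return ApiRef(m.group("name"), m.group("module"), m.group("ref"), args, m.group("sub"))


def parse_records(text: str) -> list[list[ApiRef]]:
    """Split the report into one API list per function; "APIs" opens a record,
    "Memory Dump Source" closes it, so the Source/Associated bullets are skipped."""
    records: list[list[ApiRef]] = []
    current: Optional[list[ApiRef]] = None
    for line in text.splitlines():
        s = line.strip()
        if s == "APIs":
            current = []
            records.append(current)
        elif s == "Memory Dump Source":
            current = None
        elif current is not None and s.startswith("•"):
            ref = parse_api_line(s)
            if ref is not None:
                current.append(ref)
    return records


def direct_chain(record: list[ApiRef]) -> list[str]:
    """Names of the calls the function makes itself, in the report's call-site order."""
    return [r.name for r in record if r.subcall_of is None]


def has_chain(names: list[str], chain: tuple[str, ...]) -> bool:
    """True when every element of `chain` appears in `names` in that order (subsequence)."""
    it = iter(names)
    return all(want in it for want in chain)


# Assumed heuristic: connect to a (local or named remote) registry, open a key, enumerate values.
REGISTRY_ENUM_CHAIN = ("RegConnectRegistryW", "RegOpenKeyExW", "RegEnumValueW")


def registry_enumerators(records: list[list[ApiRef]]) -> list[int]:
    """Indexes of records whose direct calls contain REGISTRY_ENUM_CHAIN."""
    return [i for i, rec in enumerate(records) if has_chain(direct_chain(rec), REGISTRY_ENUM_CHAIN)]


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for i, rec in enumerate(recs):
        print(f"record {i}: {len(rec)} entries, direct chain = {direct_chain(rec)}")
    print("registry enumeration in records:", registry_enumerators(recs))
```

Only calls without a subcall prefix are used for the chain, since the "Part of subcall function" entries belong to callees (here string helpers) rather than to the function being described. The first argument to RegConnectRegistryW is the machine name, and the listing shows it as "?", so the static chain establishes that the function can enumerate values under a key through this API, not whether the sample ever supplies a remote host name; that would need the dynamic trace.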
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0533365a15c0cb8e2501a4918b782fd9bd38c0ab21e25445c9c8c247e6f46f18
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5a435f89c20372edb4b16ee94332493d9d3bb5f2c903e5320d383da0a214bfc5
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0533365a15c0cb8e2501a4918b782fd9bd38c0ab21e25445c9c8c247e6f46f18
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9881A270208245EFD714DF28C895E6ABBE9FF84308F14895CF5958B2A2DB31ED45CB92
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(00000035), ref: 008EF7B9
                                                                                                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(00000001), ref: 008EF860
                                                                                                                                                                                                                                                                                                                                                                      • VariantCopy.OLEAUT32(008EFA64,00000000), ref: 008EF889
                                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(008EFA64), ref: 008EF8AD
                                                                                                                                                                                                                                                                                                                                                                      • VariantCopy.OLEAUT32(008EFA64,00000000), ref: 008EF8B1
                                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 008EF8BB
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c0af75aaef5afee4f197454313121b09f81d4e959be31e6f2574823227c77a75
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9ca8350f74e326352851bafe0a91b227ea8cc2988ec26141465bb7de48c4b8db
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c0af75aaef5afee4f197454313121b09f81d4e959be31e6f2574823227c77a75
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C151D431610354ABDF20BB6AD895B29B7A8FF47314B248466FA05DF293DB708C40CB97
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00897620: _wcslen.LIBCMT ref: 00897625
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                                                                                                                                                                                                                                                                                                                      • GetOpenFileNameW.COMDLG32(00000058), ref: 009094E5
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00909506
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0090952D
                                                                                                                                                                                                                                                                                                                                                                      • GetSaveFileNameW.COMDLG32(00000058), ref: 00909585
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                                                                                      • String ID: X
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e61c7af4e128dcf94fdc123d4934e715f48f7ba7fc3dbcc60a71659a186e3740
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b7740c51931fb2979f0764ffea68850a5093cfaeff8d4979e81854ff00d0900b
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e61c7af4e128dcf94fdc123d4934e715f48f7ba7fc3dbcc60a71659a186e3740
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3AE18471508301DFDB14EF29C881A6AB7E4FF85314F08896DF8999B2A2DB31DD05CB92
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
                                                                                                                                                                                                                                                                                                                                                                      • BeginPaint.USER32(?,?,?), ref: 008A9241
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 008A92A5
                                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 008A92C2
                                                                                                                                                                                                                                                                                                                                                                      • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 008A92D3
                                                                                                                                                                                                                                                                                                                                                                      • EndPaint.USER32(?,?,?,?,?), ref: 008A9321
                                                                                                                                                                                                                                                                                                                                                                      • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 008E71EA
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008A9339: BeginPath.GDI32(00000000), ref: 008A9357
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• API String ID: 3050599898-0
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 0090080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00900847
• EnterCriticalSection.KERNEL32(?), ref: 00900863
• LeaveCriticalSection.KERNEL32(?), ref: 009008DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 009008F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 00900921
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• API String ID: 3368777196-0
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,008EF3AB,00000000,?,?,00000000,?,008E682C,00000004,00000000,00000000), ref: 0092824C
• EnableWindow.USER32(?,00000000), ref: 00928272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 009282D1
• ShowWindow.USER32(?,00000004), ref: 009282E5
• EnableWindow.USER32(?,00000001), ref: 0092830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0092832F
Similarity
• API ID: Window$Show$Enable$MessageSend
• API String ID: 642888154-0
APIs
• IsWindowVisible.USER32(?), ref: 008F4C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 008F4CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 008F4CEA
• _wcslen.LIBCMT ref: 008F4D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 008F4D10
• _wcsstr.LIBVCRUNTIME ref: 008F4D1A
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0147aa646858eb7b52be04f7afa21583a554401b081f69bc5b591d8c38bf3f6f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 537b091b17044012b5dba95419939518f53c69d59044c6dab0b6eedbfb7e1e35
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0147aa646858eb7b52be04f7afa21583a554401b081f69bc5b591d8c38bf3f6f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 532129712042097BFB256B799C09E7F7B9CFF45750F10502AFA05CA192DA75DC0192A1
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00893AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00893A97,?,?,00892E7F,?,?,?,00000000), ref: 00893AC2
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0090587B
                                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00905995
                                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(0092FCF8,00000000,00000001,0092FB68,?), ref: 009059AE
                                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 009059CC
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: aea3980d4193be85dd1a5700f45b741ef75db5cc2d60cd1b7a08ee89e5957a29
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 27cea194cf9f5b5c9a96783e697fa603594365ea1c7ba99399ed329dd8538d89
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aea3980d4193be85dd1a5700f45b741ef75db5cc2d60cd1b7a08ee89e5957a29
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90D143716086019FCB14EF18C480A2BBBE5FF89714F568859F8999B3A1DB31EC45CF92
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 008F0FCA
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 008F0FD6
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 008F0FE5
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 008F0FEC
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 008F1002
                                                                                                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000000,008F1335), ref: 008F17AE
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,00000000), ref: 008F17BA
                                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 008F17C1
                                                                                                                                                                                                                                                                                                                                                                      • CopySid.ADVAPI32(00000000,00000000,?), ref: 008F17DA
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000,008F1335), ref: 008F17EE
                                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 008F17F5
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: dfc1f61f9a236aec6525dd39800802a12a59efc8a2ea54b51a6f13e3b30f3348
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1b99460e19df00db4ffe5b25b3e6dcba58ed969b77b093cf764619e6d1fe5346
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dfc1f61f9a236aec6525dd39800802a12a59efc8a2ea54b51a6f13e3b30f3348
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6A119A71914209EFDF20AFA4CC4ABBF7BA9FB41355F104018F545D7215C735A945DB60
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008F14FF
                                                                                                                                                                                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 008F1506
                                                                                                                                                                                                                                                                                                                                                                      • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 008F1515
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000004), ref: 008F1520
                                                                                                                                                                                                                                                                                                                                                                      • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 008F154F
                                                                                                                                                                                                                                                                                                                                                                      • DestroyEnvironmentBlock.USERENV(00000000), ref: 008F1563
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
• Opcode ID: fe1ac81b5291865aeff939b341a7f2d619fe872d39148d741aca4907ad429fb5
• Instruction ID: 8ac34d0e7f981c7a833ef3dd89a91aa7e36b518aa7c59537b7e9f8763331c4bd
• Opcode Fuzzy Hash: fe1ac81b5291865aeff939b341a7f2d619fe872d39148d741aca4907ad429fb5
• Instruction Fuzzy Hash: A21117B250424DEBDF218FA8DD49BEE7BA9FF48748F144015FA05E2060C3758E65AB64
APIs
• GetLastError.KERNEL32(?,?,008B3379,008B2FE5), ref: 008B3390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008B339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008B33B7
• SetLastError.KERNEL32(00000000,?,008B3379,008B2FE5), ref: 008B3409
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: 9725498b3e9ce272ab320201ede4a67ffa3245bf5d7cb25f097bb5743ccaf592
• Instruction ID: f3843b94d3eb060816aeb731c0f98f05000390a25617de0180a93676b6062eab
• Opcode Fuzzy Hash: 9725498b3e9ce272ab320201ede4a67ffa3245bf5d7cb25f097bb5743ccaf592
• Instruction Fuzzy Hash: B4014C7321C711BEAA242779BC86AD72F94FB2937A7200229F410C13F1FF114D06B244
APIs
• GetLastError.KERNEL32(?,?,008C5686,008D3CD6,?,00000000,?,008C5B6A,?,?,?,?,?,008BE6D1,?,00958A48), ref: 008C2D78
• _free.LIBCMT ref: 008C2DAB
• _free.LIBCMT ref: 008C2DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,008BE6D1,?,00958A48,00000010,00894F4A,?,?,00000000,008D3CD6), ref: 008C2DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,008BE6D1,?,00958A48,00000010,00894F4A,?,?,00000000,008D3CD6), ref: 008C2DEC
• _abort.LIBCMT ref: 008C2DF2
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
• Opcode ID: 785c01de04452403a343c4518a5c8f9f56ce4cdde33b170d693e484e2a4c01f2
• Instruction ID: acfbf2508c6e3fe008dd9abc01ae59dac748481b46037c1a828bde75ceb8407c
• Opcode Fuzzy Hash: 785c01de04452403a343c4518a5c8f9f56ce4cdde33b170d693e484e2a4c01f2
• Instruction Fuzzy Hash: D5F0A471508B056BC622773DBC06F1E2679FBD17A6F24451CF925D21D2EF34C8065162
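The function-summary blocks above follow a fixed layout: an `APIs` list of `Name.MODULE(args), ref: ADDR` call sites (indirect ones prefixed with `Part of subcall function`), a `Memory Dump Source` with the image base, and a `Similarity` section of IDs and fuzzy hashes. The Python below is an added example for turning that layout into structured records, so the ordered API chain of a function can be extracted and the Opcode ID used as a pivot key across reports. It is not Joe Sandbox code; the fixture is two records constructed from this report's own lines, and the regexes assume exactly the conventions visible here.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed fixture: two function summaries in the layout of the report above
# (the CRT FLS error helper and the GDI path-drawing routine). Not an official export.
SAMPLE = """\
APIs
• GetLastError.KERNEL32(?,?,008B3379,008B2FE5), ref: 008B3390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008B339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008B33B7
• SetLastError.KERNEL32(00000000,?,008B3379,008B2FE5), ref: 008B3409
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• Opcode ID: 9725498b3e9ce272ab320201ede4a67ffa3245bf5d7cb25f097bb5743ccaf592
APIs
  • Part of subcall function 008A9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008A9693
  • Part of subcall function 008A9639: BeginPath.GDI32(?), ref: 008A96B9
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00928A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00928A62
• EndPath.GDI32(?), ref: 00928A90
• StrokePath.GDI32(?), ref: 00928AA0
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• Opcode ID: e35991cb2a25d683a2dbe62942e4539640db5a03e0915dfb127cada377b1275a
"""

# One call-site line: optional subcall prefix, Name.MODULE, optional (args), ref: hex address.
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[^.\s(]+)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
KV_RE = re.compile(r"^\s*•\s*(?P<key>[^:]+?):\s*(?P<val>.*?)\s*$")
SECTIONS = {"APIs", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: int                      # call-site address as mapped in the dump
    subcall_of: Optional[int]     # set when the call lives in a callee, not this function

@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    source_file: str = ""
    image_base: Optional[int] = None
    similarity: dict = field(default_factory=dict)

def parse_report(text: str) -> list:
    """Split the text into records; every 'APIs' header opens a new one."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            if line == "APIs":
                records.append(FunctionRecord())
            section = line
            continue
        if not records:
            continue  # stray text before the first record
        rec = records[-1]
        if section == "APIs" and (m := API_RE.match(raw)):
            rec.apis.append(ApiCall(
                name=m["name"], module=m["mod"],
                args=[a.strip() for a in m["args"].split(",")] if m["args"] else [],
                ref=int(m["ref"], 16),
                subcall_of=int(m["sub"], 16) if m["sub"] else None))
        elif section == "Memory Dump Source" and (m := KV_RE.match(raw)):
            if m["key"] == "Source File":
                rec.source_file = m["val"].split(",")[0]
                off = re.search(r"Offset:\s*([0-9A-Fa-f]+)", m["val"])
                rec.image_base = int(off.group(1), 16) if off else None
        elif section == "Similarity" and (m := KV_RE.match(raw)):
            rec.similarity[m["key"]] = m["val"]
    return records

def call_chain(rec: FunctionRecord, include_subcalls: bool = False) -> list:
    """API names in call-site order; subcall entries are excluded unless asked for."""
    calls = [c for c in rec.apis if include_subcalls or c.subcall_of is None]
    return [c.name for c in sorted(calls, key=lambda c: c.ref)]

def records_calling(records: list, api_name: str) -> list:
    return [r for r in records if any(c.name == api_name for c in r.apis)]

def function_rva(rec: FunctionRecord) -> Optional[int]:
    """Lowest direct call site minus the image base: a rebase-stable offset
    to jump to in a disassembler (an upper bound on the function start)."""
    direct = [c.ref for c in rec.apis if c.subcall_of is None]
    if not direct or rec.image_base is None:
        return None
    return min(direct) - rec.image_base

if __name__ == "__main__":
    for r in parse_report(SAMPLE):
        print(hex(function_rva(r)), r.similarity.get("Opcode ID", "")[:16],
              " -> ".join(call_chain(r, include_subcalls=True)))
```

The Opcode ID is the natural join key: the same value in two reports means Joe Sandbox hashed the same instruction stream, so `records_calling` plus the Opcode ID lets an analyst match, say, the CRT helpers here against a clean AutoIt interpreter build and discard them before looking at the remaining functions.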
APIs
  • Part of subcall function 008A9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008A9693
  • Part of subcall function 008A9639: SelectObject.GDI32(?,00000000), ref: 008A96A2
  • Part of subcall function 008A9639: BeginPath.GDI32(?), ref: 008A96B9
  • Part of subcall function 008A9639: SelectObject.GDI32(?,00000000), ref: 008A96E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00928A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00928A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00928A70
• LineTo.GDI32(?,00000000,00000003), ref: 00928A80
• EndPath.GDI32(?), ref: 00928A90
• StrokePath.GDI32(?), ref: 00928AA0
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: e35991cb2a25d683a2dbe62942e4539640db5a03e0915dfb127cada377b1275a
• Instruction ID: 3de60fd1ec9568026d009b60cdd3aef0d763d0b783cab860b15198f07e61385f
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e35991cb2a25d683a2dbe62942e4539640db5a03e0915dfb127cada377b1275a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 53110C76044118FFEF129F94EC48E9A7F6CEB08350F048011FA1995161C7719D55EBA0
APIs
• GetDC.USER32(00000000), ref: 008F5218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 008F5229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 008F5230
• ReleaseDC.USER32(00000000,00000000), ref: 008F5238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 008F524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 008F5261
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: 9b2817c7ee01dcd5f80f787d5017437d8a7acd3bd9bc973a517b38a8e6fdfbb9
• Instruction ID: a861ca3202c212cbc79cc8c67620575fee052b21dbe0a1db3d2ceb64509d7d38
• Opcode Fuzzy Hash: 9b2817c7ee01dcd5f80f787d5017437d8a7acd3bd9bc973a517b38a8e6fdfbb9
• Instruction Fuzzy Hash: 48018FB5E04709BBEB109BB69C49A5EBFB8FF48751F044165FB04E7281DA709801DFA0
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00891BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00891BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00891C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00891C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00891C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00891C22
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
• Opcode ID: 162e399e505a24b591f771e77441393ccb3f858eaabe6e0e54d0adaf209772d7
• Instruction ID: eea579446825d141c8d2115a1b9c3dbf81a4614a7054e69e288f98ad2198da46
• Opcode Fuzzy Hash: 162e399e505a24b591f771e77441393ccb3f858eaabe6e0e54d0adaf209772d7
• Instruction Fuzzy Hash: 7A0167B0902B5ABDE3008F6A8C85B56FFA8FF19354F00411BA15C4BA42C7F5A864CBE5
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 008FEB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 008FEB46
• GetWindowThreadProcessId.USER32(?,?), ref: 008FEB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008FEB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008FEB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008FEB75
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
• Opcode ID: 582d84ade9999b157b33cbb2b4f515448ace16cf7c0647282106e514cc6af3f1
• Instruction ID: 56dc89909e2670e020781df9c12ef30adc5b0402b38b5af24c85de44155e6bb3
• Opcode Fuzzy Hash: 582d84ade9999b157b33cbb2b4f515448ace16cf7c0647282106e514cc6af3f1
• Instruction Fuzzy Hash: E6F05EB2254559BBE7315B629C0EEEF3E7CEFCAB11F000158F601E1091D7A05A02E6B5
APIs
• GetClientRect.USER32(?), ref: 008E7452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 008E7469
• GetWindowDC.USER32(?), ref: 008E7475
• GetPixel.GDI32(00000000,?,?), ref: 008E7484
• ReleaseDC.USER32(?,00000000), ref: 008E7496
• GetSysColor.USER32(00000005), ref: 008E74B0
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
• Opcode ID: 9ab00138564560753740fde624b3eacba3508fd21e80e5ac97f7cb8c3ea76a6e
• Instruction ID: 8e296297f82087dfe65852ddcda8075874d5b04e797991ab2645d11f69411d79
• Opcode Fuzzy Hash: 9ab00138564560753740fde624b3eacba3508fd21e80e5ac97f7cb8c3ea76a6e
• Instruction Fuzzy Hash: 8201867141820AFFEB215FA4DC08BAE7BB5FF05325F200064FA16A21A1CB311E52BB50
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 008F187F
• UnloadUserProfile.USERENV(?,?), ref: 008F188B
• CloseHandle.KERNEL32(?), ref: 008F1894
• CloseHandle.KERNEL32(?), ref: 008F189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 008F18A5
• HeapFree.KERNEL32(00000000), ref: 008F18AC
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
• Opcode ID: 2b8441044dd6da01261c9ebb56d09458b8a5b60d229e60207c9768dfa2afa097
• Instruction ID: 9366f82320da1377446cc83df21c79aa5d93bb69bdba0f6ee770553e3302b352
• Opcode Fuzzy Hash: 2b8441044dd6da01261c9ebb56d09458b8a5b60d229e60207c9768dfa2afa097
• Instruction Fuzzy Hash: EFE0E5B601C501BBDB115FA1ED0D90EBF39FF49B22B208620F22581075CB329432EF50
APIs
  • Part of subcall function 00897620: _wcslen.LIBCMT ref: 00897625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008FC6EE
• _wcslen.LIBCMT ref: 008FC735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008FC79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 008FC7CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: 0
• API String ID: 1227352736-4108050209
• Opcode ID: 7f03fe921b01d46abce8a5ac4e83e67a6a0e4237ed76dc946ec3b5b9e82cbc66
• Instruction ID: 9dc2b56abebf46eddb74e9a0b7973a0833bec75c3f91d596068b0da56ccf200c
• Opcode Fuzzy Hash: 7f03fe921b01d46abce8a5ac4e83e67a6a0e4237ed76dc946ec3b5b9e82cbc66
• Instruction Fuzzy Hash: E751FF7161830C9BD714AF3CCA84A7B77E4FF89314F080A2DFA91D21A0DB64DA04CB52
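As an added example (not part of the Joe Sandbox report and not the IDA plugin's own code), the following Python parses function blocks in the format above into records that can be queried offline, e.g. to list every call site of UnloadUserProfile or _wcslen across the dumped functions and to check that each block's Opcode ID still matches its repeated Opcode Fuzzy Hash. The regular expressions, class names and function names are mine; the embedded SAMPLE is an excerpt copied from the two preceding blocks with the Similarity metadata trimmed to the fields the parser is exercised on.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One API line: "• Name.MODULE(args), ref: ADDRESS", optionally prefixed with
# "Part of subcall function XXXXXXXX:" when the call sits in a sub-function.
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<subfn>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<mod>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
# Any other "• Key: value" line (Opcode ID, Instruction ID, Associated, ...).
META_RE = re.compile(r"^•\s*(?P<key>[^:]+?):\s*(?P<val>.*)$")

@dataclass
class ApiCall:
    name: str
    module: str
    args: tuple
    ref: str                        # call-site address inside the dump
    subcall_of: Optional[str] = None

@dataclass
class FunctionBlock:
    apis: List[ApiCall] = field(default_factory=list)
    meta: Dict[str, object] = field(default_factory=dict)

    @property
    def instruction_id(self) -> str:
        return str(self.meta.get("Instruction ID", ""))

    def api_names(self) -> List[str]:
        return [a.name for a in self.apis]

    def ids_consistent(self) -> bool:
        # The plugin repeats the Opcode ID as "Opcode Fuzzy Hash"; a mismatch
        # means the block was damaged in extraction.
        return self.meta.get("Opcode ID") == self.meta.get("Opcode Fuzzy Hash")

def parse_report(text: str) -> List[FunctionBlock]:
    """Split plugin output at each "APIs" heading: one block per function."""
    blocks: List[FunctionBlock] = []
    cur: Optional[FunctionBlock] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = FunctionBlock()
            blocks.append(cur)
            continue
        if cur is None or not line.startswith("•"):
            continue
        m = API_RE.match(line)
        if m:
            args = tuple(a for a in (m.group("args") or "").split(",") if a)
            cur.apis.append(ApiCall(m.group("name"), m.group("mod"), args,
                                    m.group("ref").upper(), m.group("subfn")))
            continue
        m = META_RE.match(line)
        if m:
            key, val = m.group("key"), m.group("val")
            if key == "Associated":            # repeated line: keep them all
                cur.meta.setdefault("Associated", []).append(val)
            else:
                cur.meta[key] = val
    return blocks

def call_sites(blocks: List[FunctionBlock], api_name: str) -> List[tuple]:
    """(Instruction ID, call-site address) for every call of api_name."""
    return [(b.instruction_id, a.ref)
            for b in blocks for a in b.apis if a.name == api_name]

# Excerpt of two function blocks from the report fragment above (constructed
# test input; Similarity metadata trimmed to the fields exercised here).
SAMPLE = """\
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 008F187F
• UnloadUserProfile.USERENV(?,?), ref: 008F188B
• CloseHandle.KERNEL32(?), ref: 008F1894
• CloseHandle.KERNEL32(?), ref: 008F189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 008F18A5
• HeapFree.KERNEL32(00000000), ref: 008F18AC
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
Similarity
• Opcode ID: 2b8441044dd6da01261c9ebb56d09458b8a5b60d229e60207c9768dfa2afa097
• Instruction ID: 9366f82320da1377446cc83df21c79aa5d93bb69bdba0f6ee770553e3302b352
• Opcode Fuzzy Hash: 2b8441044dd6da01261c9ebb56d09458b8a5b60d229e60207c9768dfa2afa097
APIs
  • Part of subcall function 00897620: _wcslen.LIBCMT ref: 00897625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008FC6EE
• _wcslen.LIBCMT ref: 008FC735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008FC79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 008FC7CA
Similarity
• String ID: 0
• Opcode ID: 7f03fe921b01d46abce8a5ac4e83e67a6a0e4237ed76dc946ec3b5b9e82cbc66
• Instruction ID: 9dc2b56abebf46eddb74e9a0b7973a0833bec75c3f91d596068b0da56ccf200c
• Opcode Fuzzy Hash: 7f03fe921b01d46abce8a5ac4e83e67a6a0e4237ed76dc946ec3b5b9e82cbc66
"""
```

Feed the whole plugin section to parse_report and call_sites gives, per API of interest, the function (by Instruction ID) and the exact address to jump to in the dump; the Instruction ID is the stable key for cross-referencing blocks between reports because it survives re-basing, while the ref addresses are tied to the 00890000 image base of this run.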
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 0091AEA3
  • Part of subcall function 00897620: _wcslen.LIBCMT ref: 00897625
• GetProcessId.KERNEL32(00000000), ref: 0091AF38
• CloseHandle.KERNEL32(00000000), ref: 0091AF67
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
• Opcode ID: bae1d22b9ff3b35d5c0679cda72f12ff52a85a6fff9ed08313b0e91fb2152696
• Instruction ID: a0c46bd643ca9c00889b24b1f5d8d383344979f7e2bd875f09d352614bc38b43
• Opcode Fuzzy Hash: bae1d22b9ff3b35d5c0679cda72f12ff52a85a6fff9ed08313b0e91fb2152696
• Instruction Fuzzy Hash: 87713775A006199FCB14EF58C484A9EBBF4FF08314F048499E816AB3A2C775ED85CB92
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 008F7206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 008F723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 008F724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 008F72CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• API String ID: 753597075-1075368562
• Opcode ID: 279d0af7ee091cada4c303505f3116fc89a0e2fc0ca3d8f4bba1ac5372c4bc2e
• Instruction ID: 36f87cb9f829e51b57e1f5932161cd46d6297e31bde84e300c10442857d4c881
• Opcode Fuzzy Hash: 279d0af7ee091cada4c303505f3116fc89a0e2fc0ca3d8f4bba1ac5372c4bc2e
• Instruction Fuzzy Hash: 8C416471604208DFEB15CF64C885AAA7BB9FF44314F1480ADBE06DF20AD7B1D945DBA0
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00923E35
• IsMenu.USER32(?), ref: 00923E4A
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00923E92
• DrawMenuBar.USER32 ref: 00923EA5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Menu$Item$DrawInfoInsert
• String ID: 0
• API String ID: 3076010158-4108050209
• Opcode ID: 2ad7abd2a4ad207f45cd08c01df3d9a2624ca250d76648dd510d55eb3ecc3a0a
• Instruction ID: 7f9a09f8ccb554807fb5ae09e4c9835d687979b188446115cd6d806225fd61d6
• Opcode Fuzzy Hash: 2ad7abd2a4ad207f45cd08c01df3d9a2624ca250d76648dd510d55eb3ecc3a0a
• Instruction Fuzzy Hash: 52416A75A10219AFDB10DF50E884EAABBB9FF48350F058029F905A7250D738EE49DF91
APIs
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
  • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 008F1E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 008F1E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 008F1EA9
  • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2081771294-1403004172
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00922F8D
• LoadLibraryW.KERNEL32(?), ref: 00922F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00922FA9
• DestroyWindow.USER32(?), ref: 00922FB1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,008B4D1E,008C28E9,?,008B4CBE,008C28E9,009588B8,0000000C,008B4E15,008C28E9,00000002), ref: 008B4D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008B4DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,008B4D1E,008C28E9,?,008B4CBE,008C28E9,009588B8,0000000C,008B4E15,008C28E9,00000002,00000000), ref: 008B4DC3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00894EDD,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00894EAE
• FreeLibrary.KERNEL32(00000000,?,?,00894EDD,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894EC0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: bb3764242af25ccf8875f94623771d38bf81281cd4fe5137e1873f013118601e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a9076c19f736bd579ecdd0468ec54184cc2291c82589bf86e75f5e575a6dbaea
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb3764242af25ccf8875f94623771d38bf81281cd4fe5137e1873f013118601e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDE08675A195225B973127257C19E5F6654FFC1B737090115FC05D2101DB60CD0791E0
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,008D3CDE,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00894E74
• FreeLibrary.KERNEL32(00000000,?,?,008D3CDE,?,00961418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00894E87
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
• Opcode ID: a7b161a1ee95379cf5ea520ff6fd16736da689df435fe526461b3b213e3bd779
• Instruction ID: ac867e7de419affc7306ff5c3b30c6475d0139bbc80c339d1563c5a03f36ff9f
• Opcode Fuzzy Hash: a7b161a1ee95379cf5ea520ff6fd16736da689df435fe526461b3b213e3bd779
• Instruction Fuzzy Hash: 8CD0C23292AA31574A322B257C09D8F2A18FF85B653490110BC04E2215CF20CD13D1D0
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00902C05
• DeleteFileW.KERNEL32(?), ref: 00902C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00902C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00902CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00902CC0
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
• Opcode ID: 286bf68531e11936f99c94a778d75d0daad172d56e7605b195706ca8386aec56
• Instruction ID: e40e45d5a45c50a0efa2856419dc371cdbf4534d2142af3f02765566630b5abb
• Opcode Fuzzy Hash: 286bf68531e11936f99c94a778d75d0daad172d56e7605b195706ca8386aec56
• Instruction Fuzzy Hash: DFB12071D00119AFDF25EBA4CC89EDEB7BDFF49350F1040A6FA09E6191EA349A448F61
APIs
• GetCurrentProcessId.KERNEL32 ref: 0091A427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0091A435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 0091A468
• CloseHandle.KERNEL32(?), ref: 0091A63D
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
• Opcode ID: 670eeeacfe6bcf670f1a57c3a9d5e6b77d524262143cab812119e40f78951984
• Instruction ID: 647ecda9a7908990410be67196bf5de33223349a39720ad3b97c59b0e3bf0dc1
• Opcode Fuzzy Hash: 670eeeacfe6bcf670f1a57c3a9d5e6b77d524262143cab812119e40f78951984
• Instruction Fuzzy Hash: 80A17E716043009FD720EF28D886B2AB7E5FF84714F14885DF55ADB292DBB1EC418B92
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00933700), ref: 008CBB91
                                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,0096121C,000000FF,00000000,0000003F,00000000,?,?), ref: 008CBC09
                                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00961270,000000FF,?,0000003F,00000000,?), ref: 008CBC36
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 008CBB7F
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 008CBD4B
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1286116820-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d0d6133b49713e9cbf8528494a207a4b5d191d570234197e9311b2324af7d795
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8e8947c7710687a81c8ee79ab6ac1f377d6d0f82a1de2e74668f5e5eea735344
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0d6133b49713e9cbf8528494a207a4b5d191d570234197e9311b2324af7d795
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0451E571904609AFCB14EF799C82EAEB7B8FF40360F14426EE520D7291EB70DE409B51
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008FDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,008FCF22,?), ref: 008FDDFD
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008FDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,008FCF22,?), ref: 008FDE16
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008FE199: GetFileAttributesW.KERNEL32(?,008FCF95), ref: 008FE19A
                                                                                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 008FE473
                                                                                                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 008FE4AC
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 008FE5EB
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 008FE603
                                                                                                                                                                                                                                                                                                                                                                      • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 008FE650
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f62705e242f4c59cfc6c754ebe85f4b3fc2837e9be5a967aacc7b7268909d68e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b836fc3e9e8f83436bfbbf3786878aa04d47553aa0371e64b8f2bcb9f570db5b
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f62705e242f4c59cfc6c754ebe85f4b3fc2837e9be5a967aacc7b7268909d68e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF5120B24087495BC724EBA8DC819EB73DCFF94344F00492EF689D3161EE75A6888767
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0091C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0091B6AE,?,?), ref: 0091C9B5
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091C9F1
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA68
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0091C998: _wcslen.LIBCMT ref: 0091CA9E
                                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0091BAA5
                                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0091BB00
                                                                                                                                                                                                                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0091BB63
                                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?), ref: 0091BBA6
                                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0091BBB3
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
• Opcode ID: 4853edd2dbe853952310f745895acb21110cef82d40ecd5ecb51613c4ff113eb
• Instruction ID: 9686adb7d86a8109ce1aabb3238a91cba2389f20b442ecc980cadea9b9c0fbfc
• Opcode Fuzzy Hash: 4853edd2dbe853952310f745895acb21110cef82d40ecd5ecb51613c4ff113eb
• Instruction Fuzzy Hash: 5E61B571208245EFD714DF18C490E6ABBE9FF84308F54895DF4998B2A2DB31ED85CB92
APIs
• VariantInit.OLEAUT32(?), ref: 008F8BCD
• VariantClear.OLEAUT32 ref: 008F8C3E
• VariantClear.OLEAUT32 ref: 008F8C9D
• VariantClear.OLEAUT32(?), ref: 008F8D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 008F8D3B
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: e946fbc4b7f533ffc11d703534dcd48bbd09719877656c8e6a7d8c44340fe803
• Instruction ID: 67283b9025c256c4d99c309737b2b1f6b31b8f42394fa46bf94832354ac0459a
• Opcode Fuzzy Hash: e946fbc4b7f533ffc11d703534dcd48bbd09719877656c8e6a7d8c44340fe803
• Instruction Fuzzy Hash: 315178B5A00619EFCB10DF68C884AAAB7F9FF89314B158559FA09DB354E730E911CF90
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00908BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00908BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00908C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00908C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00908C5F
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: 4cc4e3e8fcf9289dbb192baac425df5c066fc7ae53e6235c206bf7d76e3cb0c0
• Instruction ID: 5b6b4af71a70197069028913bcf2055378c93cef6636658d25bab227af701da3
• Opcode Fuzzy Hash: 4cc4e3e8fcf9289dbb192baac425df5c066fc7ae53e6235c206bf7d76e3cb0c0
• Instruction Fuzzy Hash: 89513835A002149FDF11EF68C880A6ABBF5FF49314F088458E849AB3A2DB35ED51CB91
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00918F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00918FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00918FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00919032
• FreeLibrary.KERNEL32(00000000), ref: 00919052
  • Part of subcall function 008AF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00901043,?,761DE610), ref: 008AF6E6
  • Part of subcall function 008AF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,008EFA64,00000000,00000000,?,?,00901043,?,761DE610,?,008EFA64), ref: 008AF70D
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
• Opcode ID: 8ffe4875f20ab971f211586ee2b5d99aebd584a0ccf18d4466f2bc52993746a9
• Instruction ID: 7b01fa639d463f72f95aea343542e33fc65fc392ecf25cfcffb75f9318ea22a4
• Opcode Fuzzy Hash: 8ffe4875f20ab971f211586ee2b5d99aebd584a0ccf18d4466f2bc52993746a9
• Instruction Fuzzy Hash: 62515D35604209DFCB15EF58C4948EDBBF5FF49314B0980A8E806AB362DB31ED86CB91
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 00926C33
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,?), ref: 00926C4A
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00926C73
                                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0090AB79,00000000,00000000), ref: 00926C98
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00926CC7
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1df5a5c123dea75a92825240a165569080cf1547059d323ab24ef1d5f8bf6cac
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 38402f44143c325de33a25f304860ed3e37a8b041f4d4a3f14e708bc8bb4dfcb
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1df5a5c123dea75a92825240a165569080cf1547059d323ab24ef1d5f8bf6cac
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E411975A08124AFD724EF28EC54FA97BA9EB09360F140268FAD5E76E4C371ED41DA40
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1001099342ee0e75326a010fbac857561d4084ce84ddb9916e62635b5a68112f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c9996cdf585df99e861454ddd6486121cd2dfc26f8f375058236e0b607dcd33c
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1001099342ee0e75326a010fbac857561d4084ce84ddb9916e62635b5a68112f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3641AC72A002049FDB24DFB8C881F59B7B5FF89314F1545ADE615EB292DA31E901CB81
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 008A9141
                                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(00000000,?), ref: 008A915E
                                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000001), ref: 008A9183
                                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000002), ref: 008A919D
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9461139d6277a8b5c4af5de617da8afdb5bbd3f372f5b3196869e30a8cec38db
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ada97c0dbfb87d778ce59bc92143b4b8b4b32aaf5670809ff9b06338621777b9
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9461139d6277a8b5c4af5de617da8afdb5bbd3f372f5b3196869e30a8cec38db
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 78417D71A0C65AFBDF159F68C848BEEB774FF06324F20821AE469E7290C7346950DB91
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetInputState.USER32 ref: 009038CB
                                                                                                                                                                                                                                                                                                                                                                      • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00903922
                                                                                                                                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 0090394B
                                                                                                                                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 00903955
                                                                                                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00903966
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b6ef675ebc704942df552debba786d1ad856a8f3874756b81c86cd44180c630b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6723ec51ac6f82d924e7cfe5409d539c65ddb55a0b94889c800be323648f33e2
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6ef675ebc704942df552debba786d1ad856a8f3874756b81c86cd44180c630b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C531B370928341DFEB39CB359949FB637ACAB05304F08856DE472C21E0E3F49A85EB51
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0090C21E,00000000), ref: 0090CF38
                                                                                                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,00000000,?,?), ref: 0090CF6F
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,?,?,?,0090C21E,00000000), ref: 0090CFB4
                                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000,?,?,?,0090C21E,00000000), ref: 0090CFC8
                                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000,?,?,?,0090C21E,00000000), ref: 0090CFF2
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b5bab1f733b15192f941666827c63c05ba0a19a3a8c5f74dae25cd2192289769
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ffd49d1829d296ac4c12628e91b0cf321d674bb8a5bd388dadb51902435f500f
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b5bab1f733b15192f941666827c63c05ba0a19a3a8c5f74dae25cd2192289769
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D317AB1604206EFDB20DFA9C884AAFBBFDEF04351B10452EF616D2181DB30EE419B61
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 008F1915
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000001,00000201,00000001), ref: 008F19C1
                                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?), ref: 008F19C9
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000001,00000202,00000000), ref: 008F19DA
                                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?), ref: 008F19E2
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6bb881217acb38fe42ddb2cce22df4ce6871f358605b7b6f14137a4a0fc7b958
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e6b6df2bb3951edd50de96c3c03d1d11998ba801a70c3e9ea41bed13638d8faf
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6bb881217acb38fe42ddb2cce22df4ce6871f358605b7b6f14137a4a0fc7b958
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 95318A71A1021DEFDB14CFB8C999AAE3BB5FB04315F504229FA21E72D1C7B09954DB90
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00925745
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001074,?,00000001), ref: 0092579D
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 009257AF
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 009257BA
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00925816
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
APIs
• IsWindow.USER32(00000000), ref: 00910951
• GetForegroundWindow.USER32 ref: 00910968
• GetDC.USER32(00000000), ref: 009109A4
• GetPixel.GDI32(00000000,?,00000003), ref: 009109B0
• ReleaseDC.USER32(00000000,00000003), ref: 009109E8
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 008CCDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008CCDE9
  • Part of subcall function 008C3820: RtlAllocateHeap.NTDLL(00000000,?,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6,?,00891129), ref: 008C3852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 008CCE0F
• _free.LIBCMT ref: 008CCE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008CCE31
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008A9693
• SelectObject.GDI32(?,00000000), ref: 008A96A2
• BeginPath.GDI32(?), ref: 008A96B9
• SelectObject.GDI32(?,00000000), ref: 008A96E2
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c4a173d51d62db05dab024dd6f6a04a15afea57be95124c231341d7269c4a20a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 67f9b8b4b3f4b2716e3f6f5c0dc6c0ab026919c34c800428fced8593851aac38
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4a173d51d62db05dab024dd6f6a04a15afea57be95124c231341d7269c4a20a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2201B562645A1DBBD608A525AD92FFB739CFB65398F504030FF09DE341F764ED1082A1
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,008BF2DE,008C3863,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6), ref: 008C2DFD
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 008C2E32
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 008C2E59
                                                                                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00891129), ref: 008C2E66
                                                                                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00891129), ref: 008C2E6F
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2df209b11a80dd567f5c274873663bca9bd5edacc30bb7791281583b4ec42dd9
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bf2116d3df90e41343924c1d8d59a0181fb843271b4df70c654ae7389176c533
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2df209b11a80dd567f5c274873663bca9bd5edacc30bb7791281583b4ec42dd9
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6201F476209B046BCA2267796C45F2F267DFBC13B6B20442CF421F21D3EB30CC065121
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?,?,008F035E), ref: 008F002B
                                                                                                                                                                                                                                                                                                                                                                      • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?), ref: 008F0046
                                                                                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?), ref: 008F0054
                                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?), ref: 008F0064
                                                                                                                                                                                                                                                                                                                                                                      • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008EFF41,80070057,?,?), ref: 008F0070
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3c59fabc5d1f2be3a4f8ae39bd8c1197525a8071cd0381f4eb8bd16da40595ef
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 996d81a607fe431b0494c991840a1f8bfc2b7d8be3bd84f0a2ba8ac2306009da
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3c59fabc5d1f2be3a4f8ae39bd8c1197525a8071cd0381f4eb8bd16da40595ef
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BA0171B2610608BFDB204F64DC04BAE7AADEB84751F144114FA05D2211EB71DD459BA0
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 008FE997
                                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?), ref: 008FE9A5
                                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 008FE9AD
                                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 008FE9B7
                                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32 ref: 008FE9F3
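The QueryPerformanceCounter / QueryPerformanceFrequency / Sleep / QueryPerformanceCounter chain listed above is the pattern behind the report's "Contains functionality for execution timing, often used to detect debuggers" signature. The listing alone does not prove what this particular function does with the measurement (the same call order also appears in ordinary high-resolution sleep helpers), so the following is an added illustration of the evasion technique the signature refers to, not a decompilation of the sample. It is not code from the Joe Sandbox report or from the analysed binary. The decision logic is split out into a portable function so it can be exercised on any platform; the live Windows measurement, the 50 ms tolerance and the 2000 ms delay are assumptions chosen for the example.

```c
/* Added example: how an evasive binary can use the timing chain
 * QueryPerformanceCounter -> QueryPerformanceFrequency -> Sleep ->
 * QueryPerformanceCounter to notice that a sandbox has fast-forwarded
 * Sleep(). Not taken from the analysed sample or the report. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
#endif

/* OS-independent decision logic.
 * t0/t1:        counter readings before and after the sleep
 * freq:         counter ticks per second (QueryPerformanceFrequency)
 * requested_ms: delay that was passed to Sleep()
 * tolerance_ms: slack for scheduler jitter (assumed value in this example)
 * Returns true when the measured wall-clock delay is shorter than the
 * requested one by more than the tolerance, i.e. when Sleep() appears to
 * have been skipped or accelerated. */
bool sleep_was_skipped(int64_t t0, int64_t t1, int64_t freq,
                       int64_t requested_ms, int64_t tolerance_ms)
{
    if (freq <= 0 || t1 < t0) {
        /* Broken or non-monotonic counter: an evasive sample would treat
           this as an instrumented environment as well. */
        return true;
    }
    /* ticks -> milliseconds; 64-bit arithmetic keeps a 10 MHz counter
       times 1000 from overflowing for any realistic delay. */
    int64_t elapsed_ms = (t1 - t0) * 1000 / freq;
    return elapsed_ms + tolerance_ms < requested_ms;
}

#ifdef _WIN32
/* Live measurement on Windows, mirroring the call order in the listing. */
bool detect_sleep_acceleration(DWORD requested_ms)
{
    LARGE_INTEGER t0, t1, freq;
    QueryPerformanceCounter(&t0);
    QueryPerformanceFrequency(&freq);
    Sleep(requested_ms);
    QueryPerformanceCounter(&t1);
    return sleep_was_skipped(t0.QuadPart, t1.QuadPart, freq.QuadPart,
                             (int64_t)requested_ms, 50 /* assumed ms */);
}
#endif

int main(void)
{
#ifdef _WIN32
    printf("Sleep accelerated: %s\n",
           detect_sleep_acceleration(2000) ? "yes" : "no");
#else
    /* Constructed readings for non-Windows hosts: 10 MHz counter,
       2000 ms requested, only 30000 ticks (3 ms) actually elapsed. */
    printf("constructed case flagged as skipped: %d\n",
           sleep_was_skipped(0, 30000, 10000000, 2000, 50));
#endif
    return 0;
}
```

For analysts the practical consequence is the reverse of the sample's perspective: a sandbox that shortens Sleep() without also scaling the performance counter hands the binary an easy tell, so sleep patching has to be paired with consistent faking of QueryPerformanceCounter, GetTickCount and RDTSC, or the sample will simply go quiet and the report will show no payload behaviour.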
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: af1b562f98bf66f7b4a1a1d62c8abf7aeeb487b37fbb805fdb5e7419e666fd68
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 7834fbcbb7eedc4f9506254d4788c0ef7d379653e8b186cd35a6a7eeecee5058
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: af1b562f98bf66f7b4a1a1d62c8abf7aeeb487b37fbb805fdb5e7419e666fd68
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 35013571E09A2DDBCF10ABF4D849AEDBB78FB09700F000546E602F2261CB7096569BA1
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 008F1114
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1120
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F112F
                                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,008F0B9B,?,?,?), ref: 008F1136
                                                                                                                                                                                                                                                                                                                                                                      • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 008F114D
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 47f43c93035eee5af57bb43a6c12ce668e3074bac4f66ef9037bc1c75ac4b640
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b0e202b6b73844dc29a0a72f57d7ec85bb6dca52e81211b43f60cdaefbdc648f
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 47f43c93035eee5af57bb43a6c12ce668e3074bac4f66ef9037bc1c75ac4b640
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7016DB9104205BFDF214F64DC4DA6A3B6EFF85360B100414FA41C3350DB31DC419A60
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 008F0FCA
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 008F0FD6
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 008F0FE5
                                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 008F0FEC
                                                                                                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 008F1002
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e673f34a0e0819afe7bee31f064819c4e09d33a569848f1d91c6eda0c1a1cd8a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 97448b9584348cb438b3f5d48a3c354d16ac5c9e7afff3853ad89acc9d50fa43
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e673f34a0e0819afe7bee31f064819c4e09d33a569848f1d91c6eda0c1a1cd8a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3DF0A9B6204305EBDB214FA49C4EF6A3BADFF89B62F200424FA05C7251CA30DC419A60
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 008F102A
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 008F1036
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008F1045
                                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 008F104C
                                                                                                                                                                                                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008F1062
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
APIs
• CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 00900324
• CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 00900331
• CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 0090033E
• CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 0090034B
• CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 00900358
• CloseHandle.KERNEL32(?,?,?,?,0090017D,?,009032FC,?,00000001,008D2592,?), ref: 00900365
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
APIs
• _free.LIBCMT ref: 008CD752
  • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
  • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
• _free.LIBCMT ref: 008CD764
• _free.LIBCMT ref: 008CD776
• _free.LIBCMT ref: 008CD788
• _free.LIBCMT ref: 008CD79A
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• GetDlgItem.USER32(?,000003E9), ref: 008F5C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 008F5C6F
• MessageBeep.USER32(00000000), ref: 008F5C87
• KillTimer.USER32(?,0000040A), ref: 008F5CA3
• EndDialog.USER32(?,00000001), ref: 008F5CBD
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 008C22BE
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000), ref: 008C29DE
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008C29C8: GetLastError.KERNEL32(00000000,?,008CD7D1,00000000,00000000,00000000,00000000,?,008CD7F8,00000000,00000007,00000000,?,008CDBF5,00000000,00000000), ref: 008C29F0
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 008C22D0
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 008C22E3
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 008C22F4
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 008C2305
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9f919aef6e75ff38344997cea10890333bd8590f4d90880da6e8ca4647b2b873
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: fcf8f3d53e1d20d05e742ada8fada829316d2f76b2c9be80c436352b64ef00b2
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f919aef6e75ff38344997cea10890333bd8590f4d90880da6e8ca4647b2b873
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26F03AB08693209FC612AF58BC41E093FB4F718762744050EF420D22F1CBB18911FFA5
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • EndPath.GDI32(?), ref: 008A95D4
                                                                                                                                                                                                                                                                                                                                                                      • StrokeAndFillPath.GDI32(?,?,008E71F7,00000000,?,?,?), ref: 008A95F0
                                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 008A9603
                                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32 ref: 008A9616
                                                                                                                                                                                                                                                                                                                                                                      • StrokePath.GDI32(?), ref: 008A9631
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2625713937-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 122f25731a0fa83f256ecef8895bdbd307b6c5ea393627ae9111fe9819ece7ab
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a5f51ffb634a40b581750eb80dca655265090404dddb4d56790917903653e318
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 122f25731a0fa83f256ecef8895bdbd307b6c5ea393627ae9111fe9819ece7ab
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6FF0313042D204EBEB265F55FE1D7683B65FB12362F088218F455954F1C7B04556FF60
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: __freea$_free
                                                                                                                                                                                                                                                                                                                                                                      • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3caa4be8e072c86c4eb47f656362b12cf226671f3d50c6b1aecaf40434c3c379
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 60eeb540458e2c2d5863636a0b0b1195d138fd9e66eac892b798ebbca2836d80
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3caa4be8e072c86c4eb47f656362b12cf226671f3d50c6b1aecaf40434c3c379
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EAD1BD3591024A8ADF249F68C8D9FBAB7B1FB07708F28415EE501DBA52D379DD80CB91
                                                                                                                                                                                                                                                                                                                                                                      APIs
  • Part of subcall function 008B0242: EnterCriticalSection.KERNEL32(0096070C,00961884,?,?,008A198B,00962518,?,?,?,008912F9,00000000), ref: 008B024D
  • Part of subcall function 008B0242: LeaveCriticalSection.KERNEL32(0096070C,?,008A198B,00962518,?,?,?,008912F9,00000000), ref: 008B028A
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
  • Part of subcall function 008B00A3: __onexit.LIBCMT ref: 008B00A9
• __Init_thread_footer.LIBCMT ref: 00917BFB
  • Part of subcall function 008B01F8: EnterCriticalSection.KERNEL32(0096070C,?,?,008A8747,00962514), ref: 008B0202
  • Part of subcall function 008B01F8: LeaveCriticalSection.KERNEL32(0096070C,?,008A8747,00962514), ref: 008B0235
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
• String ID: 5$G$Variable must be of type 'Object'.
• API String ID: 535116098-3733170431
• Opcode ID: 6e9d5c228ac93ddde43cf2d10e3e5b2db548ca003c853ba391ec3d1fc76402a4
• Instruction ID: 7aa298177f067df131bb56e170bef14bb37a814fc3d1c2a73f284fa7b4dc3ba9
• Opcode Fuzzy Hash: 6e9d5c228ac93ddde43cf2d10e3e5b2db548ca003c853ba391ec3d1fc76402a4
• Instruction Fuzzy Hash: 73917A74B0420EAFCB14EF98D8819EDB7B5FF88304F148459F8469B291DB71AE81CB51
APIs
  • Part of subcall function 008FB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008F21D0,?,?,00000034,00000800,?,00000034), ref: 008FB42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 008F2760
  • Part of subcall function 008FB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008F21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 008FB3F8
  • Part of subcall function 008FB32A: GetWindowThreadProcessId.USER32(?,?), ref: 008FB355
  • Part of subcall function 008FB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,008F2194,00000034,?,?,00001004,00000000,00000000), ref: 008FB365
  • Part of subcall function 008FB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,008F2194,00000034,?,?,00001004,00000000,00000000), ref: 008FB37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008F27CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008F281A
Strings
Similarity
• API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• String ID: @
• API String ID: 4150878124-2766056989
• Opcode ID: 5532e864ecb6f37e637ea34c78d954de26e0ade6a4c2252d4561cf38fc4465fa
• Instruction ID: c383f6e20b7b1719edc9e24200a411f503b62a9e1fe7da3e8d31f211c34bf04a
• Opcode Fuzzy Hash: 5532e864ecb6f37e637ea34c78d954de26e0ade6a4c2252d4561cf38fc4465fa
• Instruction Fuzzy Hash: 42411B7290021CAFDB10DBA8CD46AEEBBB8FF09740F104095FA55B7181DB706E45CBA1
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\nM0h824cc3.exe,00000104), ref: 008C1769
• _free.LIBCMT ref: 008C1834
• _free.LIBCMT ref: 008C183E
Strings
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\nM0h824cc3.exe
• API String ID: 2506810119-4240618479
• Opcode ID: 930f1782384b36f21632587f5d8da5258ca59e78d7efa5ad08403f4632adf395
• Instruction ID: 5f95644aebd25d4ce72e63cf962eb40b61bba765640776cd6d8a69a93b7cd1f5
• Opcode Fuzzy Hash: 930f1782384b36f21632587f5d8da5258ca59e78d7efa5ad08403f4632adf395
• Instruction Fuzzy Hash: 62316F75A44218AFDF21DF9998C9E9EBBFCFB86310B54416EF404D7212D6B0CA40DB91
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 008FC306
• DeleteMenu.USER32(?,00000007,00000000), ref: 008FC34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00961990,01805490), ref: 008FC395
Strings
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 27473bd67a85d90174df70c257c2c72c8531020e13e6a9c75897c8f813619e43
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 103c0392ddeb9e4e725056d77e3c994912495326254ba3a46a0c80d52e38d346
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 27473bd67a85d90174df70c257c2c72c8531020e13e6a9c75897c8f813619e43
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A417B712083099BD720DF39D944A6ABBE4FF85354F14861DFAA5D7391D730AA04CA52
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0092CC08,00000000,?,?,?,?), ref: 009244AA
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32 ref: 009244C7
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 009244D7
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                                      • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: eff2475c8fcdb0eea4b30f4e0a151a48680a388ce918a1fe73d328ffdc8111f1
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4d67d0135ecbdda65020d03da9a3c98208c8d9745b9bd216646e67d99e81e131
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eff2475c8fcdb0eea4b30f4e0a151a48680a388ce918a1fe73d328ffdc8111f1
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C31BA71214625ABDF209E38EC45BEA7BA9EB09334F204714F975A21E4D770EC519B50
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0091335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00913077,?,?), ref: 00913378
                                                                                                                                                                                                                                                                                                                                                                      • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0091307A
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0091309B
                                                                                                                                                                                                                                                                                                                                                                      • htons.WSOCK32(00000000,?,?,00000000), ref: 00913106
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                                      • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 14ddff50c709ee1b0552b4a304189ebc32e9a5971b62eae251812dd8259ecd0c
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9aa60188fab69e354fc2bc79feb4820c1998bff5f1a7fe4ed7d9015d363fb410
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 14ddff50c709ee1b0552b4a304189ebc32e9a5971b62eae251812dd8259ecd0c
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD31B2357042099FCB20CF29C585AE977F4EF58318F24C099E9159B392D771EE85C761
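The function blocks above list, per function, the API call chain with call-site addresses, the string the function references, and the similarity identifiers (API ID, API String ID, fuzzy hashes). As an added example, not part of the Joe Sandbox report and not code from the analysed sample, here is a small Python parser that turns such blocks into records and runs a triage heuristic over them. The sample input is constructed from two of the blocks above with their leading whitespace removed; the NETWORK_MODULES list and the wording of the findings are my own assumptions. The 255.255.255.255 check rests on the documented behaviour of inet_addr, which returns INADDR_NONE (0xFFFFFFFF) both on a parse failure and for that valid address, so code converting a caller-supplied address string has to compare against the literal to tell the two cases apart.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample input: two function blocks in the shape of the report
# listing above, leading whitespace removed. Only a subset of the report.
SAMPLE = """\
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0092CC08,00000000,?,?,?,?), ref: 009244AA
• GetWindowLongW.USER32 ref: 009244C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 009244D7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Instruction Fuzzy Hash: 8C31BA71214625ABDF209E38EC45BEA7BA9EB09334F204714F975A21E4D770EC519B50
APIs
• Part of subcall function 0091335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00913077,?,?), ref: 00913378
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0091307A
• _wcslen.LIBCMT ref: 0091309B
• htons.WSOCK32(00000000,?,?,00000000), ref: 00913106
Strings
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
• Instruction Fuzzy Hash: AD31B2357042099FCB20CF29C585AE977F4EF58318F24C099E9159B392D771EE85C761
"""

# One "Name.MODULE(args), ref: ADDR" bullet; the argument list and the
# "Part of subcall function" prefix are both optional.
API_RE = re.compile(
    r"(?:Part of subcall function ([0-9A-Fa-f]+):\s*)?"
    r"(\w+)\.(\w+)(?:\((.*)\))?,?\s+ref:\s*([0-9A-Fa-f]+)$"
)

# Assumption: modules whose imports indicate socket or HTTP activity. This is a
# triage heuristic of this example, not a Joe Sandbox classification.
NETWORK_MODULES = {"WSOCK32", "WS2_32", "WININET", "WINHTTP", "URLMON"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int                          # address of the call site
    subcall_of: Optional[int] = None  # set when the call came from a subcall


@dataclass
class FunctionBlock:
    calls: List[ApiCall] = field(default_factory=list)
    api_id: str = ""
    string_id: str = ""
    api_string_id: Optional[Tuple[int, int]] = None
    fuzzy_hash: str = ""

    def names(self) -> List[str]:
        return [c.name for c in self.calls]


def parse_blocks(text: str) -> List[FunctionBlock]:
    """Split the listing at each 'APIs' header and collect the bullets of each block."""
    blocks: List[FunctionBlock] = []
    cur: Optional[FunctionBlock] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = FunctionBlock()
            blocks.append(cur)
            continue
        if cur is None or not line.startswith("•"):
            continue  # plain section headers such as Strings / Similarity
        body = line.lstrip("•").strip()
        m = API_RE.match(body)
        if m:
            sub, name, module, args, ref = m.groups()
            cur.calls.append(ApiCall(
                name=name, module=module,
                args=args.split(",") if args else [],
                ref=int(ref, 16),
                subcall_of=int(sub, 16) if sub else None,
            ))
        elif body.startswith("API String ID:"):  # test before the shorter "API ID:"
            a, b = body.split(":", 1)[1].strip().split("-")
            cur.api_string_id = (int(a), int(b))
        elif body.startswith("API ID:"):
            cur.api_id = body.split(":", 1)[1].strip()
        elif body.startswith("String ID:"):
            cur.string_id = body.split(":", 1)[1].strip()
        elif body.startswith("Instruction Fuzzy Hash:"):
            cur.fuzzy_hash = body.split(":", 1)[1].strip()
    return blocks


def triage(block: FunctionBlock) -> List[str]:
    """Heuristic findings for one function block (assumed wording, see lead-in)."""
    findings = []
    net = sorted({c.name for c in block.calls if c.module in NETWORK_MODULES})
    if net:
        findings.append("network API use: " + ", ".join(net))
    # inet_addr returns INADDR_NONE for both a parse failure and the address
    # 255.255.255.255; a function that references that literal next to
    # inet_addr is disambiguating the two, i.e. converting a caller-supplied
    # address string into a socket address.
    if "inet_addr" in block.names() and block.string_id == "255.255.255.255":
        findings.append("inet_addr with INADDR_NONE disambiguation: "
                        "converts a caller-supplied address string to a socket address")
    return findings


if __name__ == "__main__":
    for i, b in enumerate(parse_blocks(SAMPLE)):
        print(f"block {i}: {b.api_id} -> {triage(b) or ['no findings']}")
```

The API String ID pairs and fuzzy hashes are kept in the records, so the same parse can be run over the listings of two reports and blocks grouped by api_string_id to find functions shared between samples. The triage output is a heuristic only; a network helper in an AutoIt runtime says nothing about maliciousness on its own.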
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00923F40
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00923F54
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00923F78
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946

APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00924705
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00924713
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0092471A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370

APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00923840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00923850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00923876
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733

APIs
• SetErrorMode.KERNEL32(00000001), ref: 00904A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00904A5C
• SetErrorMode.KERNEL32(00000000,?,?,0092CC08), ref: 00904AD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                                                                                      • String ID: %lu
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f37deec56e36ecc44e0012fb885a0c07e9d500751041ad3f3180f8165a89e3bb
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 52583334355338b68ca4b17d1fdfb5540d3687894e3a4977e8198370ac9cba5f
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f37deec56e36ecc44e0012fb885a0c07e9d500751041ad3f3180f8165a89e3bb
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19313075A04109AFDB10DF58C885EAE77F8EF44308F1480A9F905DB252D771ED46CB62
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0092424F
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00924264
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00924271
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                      • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c204212f5b2aab71b01fc1f58505fc567bfbb66cef6b27d9523dcac92ad1aa71
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 859b0fbdb49f8756b09a404f2614ce29490bdd408a37c71bb27523a74adc9c37
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c204212f5b2aab71b01fc1f58505fc567bfbb66cef6b27d9523dcac92ad1aa71
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F110231240218BEEF209F69DC06FAB3BACEF95B64F010524FA55E20A0D2B1DC619B60
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00896B57: _wcslen.LIBCMT ref: 00896B6A
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 008F2DC5
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 008F2DD6
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F2DA7: GetCurrentThreadId.KERNEL32 ref: 008F2DDD
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 008F2DE4
                                                                                                                                                                                                                                                                                                                                                                      • GetFocus.USER32 ref: 008F2F78
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F2DEE: GetParent.USER32(00000000), ref: 008F2DF9
                                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 008F2FC3
                                                                                                                                                                                                                                                                                                                                                                      • EnumChildWindows.USER32(?,008F303B), ref: 008F2FEB
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: %s%d
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5e3ccc3fa9890d249e6728b6157e5ccd4c203776fd56e31437d4331902cff76d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 64e0b0b8af70665d11d9ff2456bd06aa49a0bed4a8f783f184a6d5421a6be198
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e3ccc3fa9890d249e6728b6157e5ccd4c203776fd56e31437d4331902cff76d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B11190B16002096BCF14BF788C85EFD376AFF84314F044075BA09EB252EE70994A9B71
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009258C1
                                                                                                                                                                                                                                                                                                                                                                      • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009258EE
• DrawMenuBar.USER32(?), ref: 009258FD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
• Opcode ID: 2eb6b1ed8d3594a7fc1b699214dd4b9fd97d28082c3115100018afab47fb233b
• Instruction ID: 8fab075a7c3c769a971878585ea293976800cc36107eb0c203718a32f7588d0a
• Opcode Fuzzy Hash: 2eb6b1ed8d3594a7fc1b699214dd4b9fd97d28082c3115100018afab47fb233b
• Instruction Fuzzy Hash: AC01C031514228EFDB209F51EC44FAEBBB8FF45360F108099F848DA165DB308A94EF21
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 82fd82c879ba3e2ce31200dd62e86fd83288cb32c85ae1efcdf299202c12ba24
• Instruction ID: 4130767e3c14e18ebe636a3cab7592b375abbdb4300e7b0c8d3d5072d138eb31
• Opcode Fuzzy Hash: 82fd82c879ba3e2ce31200dd62e86fd83288cb32c85ae1efcdf299202c12ba24
• Instruction Fuzzy Hash: ADC12A75A0021AEFDB15CFA4C894ABEB7B5FF48704F208598E605EB252D731ED81DB90
APIs
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
• Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
• Instruction ID: c08e07e51b4fd94e79180bc41c65dcaf2998f5b0c10ab6e6b2f9086b70116184
• Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
• Instruction Fuzzy Hash: 9CA13571E107869FDB21CE18C8A1FAABBF5FF65350F18816EE585DB282C634C982C751
APIs
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
• Opcode ID: 007f39782362a5b128634a20133e948b4652f9ec0c6ce221adcf943a3b43456a
• Instruction ID: 742f202015e15bc9f9fc1bf0996dde310161d19123fc40c7d44675c433d21e2c
• Opcode Fuzzy Hash: 007f39782362a5b128634a20133e948b4652f9ec0c6ce221adcf943a3b43456a
• Instruction Fuzzy Hash: E1A13A753082049FDB10EF28C585A6AB7E5FF88710F098859F98ADB362DB30ED45CB52
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0092FC08,?), ref: 008F05F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0092FC08,?), ref: 008F0608
• CLSIDFromProgID.OLE32(?,?,00000000,0092CC40,000000FF,?,00000000,00000800,00000000,?,0092FC08,?), ref: 008F062D
• _memcmp.LIBVCRUNTIME ref: 008F064E
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9bad9861abfa99440f53a438982106ed930d28ce6e0eba9738933c111f0763b0
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 26ce51c5aff3e83f511b9377f9417743ca22f17b4ca6402062f8b1063042c107
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9bad9861abfa99440f53a438982106ed930d28ce6e0eba9738933c111f0763b0
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1481D975A00209EFCB04DFA4C984DEEB7B9FF89315B204558E616EB251DB71AE06CF60
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 0091A6AC
                                                                                                                                                                                                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 0091A6BA
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 0091A79C
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0091A7AB
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008ACE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,008D3303,?), ref: 008ACE8A
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 88c21f99102113eff2237cd934e8e272c62091ff68a8a0d4dcd943b17ce2623b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 86b233e5b4786c7cd723c5340a458d6f8b93d5101d43d6bb31081086cbb7fa6f
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 88c21f99102113eff2237cd934e8e272c62091ff68a8a0d4dcd943b17ce2623b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B5512B71608300AFD710EF28C886A6BBBE8FF89754F44492DF595D7252EB70E904CB92
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _free
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 89070ddf0fdda9ee470bb391120bc39a19c4b3944ebb2fb53891fad9bfcd25a4
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1a1279d3e089065fa9cfddb69c944f2229467312d94438136aa2f59905e33132
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 89070ddf0fdda9ee470bb391120bc39a19c4b3944ebb2fb53891fad9bfcd25a4
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 47412475A00504BBDF256ABD9C4EAAE3BB7FF41330F24432BF418D2392E67488415267
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 009262E2
                                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00926315
                                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00926382
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
• Opcode ID: 6b30a8aa40d2b6126ed9fbf550d9b704b5868d3a4114cee7ed26577e57fc5910
• Instruction ID: 798bface995f71b5cf6cd1ac41f0f252c0ad0f7197750c5d839f295922deb718
• Opcode Fuzzy Hash: 6b30a8aa40d2b6126ed9fbf550d9b704b5868d3a4114cee7ed26577e57fc5910
• Instruction Fuzzy Hash: A6512B74900219EFCF24DF68E880AAE7BB9FF45360F108159F855976A4D730AD41DB90
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00911AFD
• WSAGetLastError.WSOCK32 ref: 00911B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00911B8A
• WSAGetLastError.WSOCK32 ref: 00911B94
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
• Opcode ID: 601bca06601fcda3590bbf91bb3637ed9d92aff5db98ff84313f464c447f84b6
• Instruction ID: 59caa3116eee64fede5f6db0402b6df154ed850fc9040ffe5ca55cc64c2faa40
• Opcode Fuzzy Hash: 601bca06601fcda3590bbf91bb3637ed9d92aff5db98ff84313f464c447f84b6
• Instruction Fuzzy Hash: 5141D5747402006FEB20AF24C886F6977E5FB44718F588458F6199F7D2D772ED818B91
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bac22f416fec5f2bf2208fe80ca2d466cadaf261f1b52cd597e293bec2ca1e98
• Instruction ID: e72b8d36d85f8e7ebf2f4de132728259fb73fa95fd62b10238296a765e08dc96
• Opcode Fuzzy Hash: bac22f416fec5f2bf2208fe80ca2d466cadaf261f1b52cd597e293bec2ca1e98
• Instruction Fuzzy Hash: 0041C175A04B04AFD7289F7CC842FAABBB9FB88710F10862EF141DB282D771D9018781
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00905783
• GetLastError.KERNEL32(?,00000000), ref: 009057A9
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 009057CE
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 009057FA
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
• Opcode ID: e3e8e560df0a048135829d047a4dc9211116fbecbbe0354182028d773b3090f5
• Instruction ID: 5385bc8e31355a438028d2b0756fcd2278fc72a1f741eea3d6697b52e461d3f2
• Opcode Fuzzy Hash: e3e8e560df0a048135829d047a4dc9211116fbecbbe0354182028d773b3090f5
• Instruction Fuzzy Hash: 2B410935614610DFCF11EF19C544A1EBBE5FF89320B1A8488E84A9B362CB34FD419B92
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,008B6D71,00000000,00000000,008B82D9,?,008B82D9,?,00000001,008B6D71,8BE85006,00000001,008B82D9,008B82D9), ref: 008CD910
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008CD999
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 008CD9AB
• __freea.LIBCMT ref: 008CD9B4
  • Part of subcall function 008C3820: RtlAllocateHeap.NTDLL(00000000,?,00961444,?,008AFDF5,?,?,0089A976,00000010,00961440,008913FC,?,008913C6,?,00891129), ref: 008C3852
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9c1ec47517e66a7a9cac3521f4e9b84053197cb04568473857172fabddd0a503
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f079282be524134ace47738c51287a74fd8e35d494c0b509a7050da71d6da63f
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c1ec47517e66a7a9cac3521f4e9b84053197cb04568473857172fabddd0a503
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C31AD72A0020AABDF24EF69DC85EAE7BB5FB41310B05426CFC04DA291EB35CD55CB91
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 00925352
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00925375
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00925382
                                                                                                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009253A8
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3340791633-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d5eabcf720bd80113ef99abef95dbf76e888e3d428370175af2a221caceb8894
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e9e29a58f8dca7897d40da7ea534f2dfb486d59b99833f767306e52895e082f7
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5eabcf720bd80113ef99abef95dbf76e888e3d428370175af2a221caceb8894
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6331F670A69A28EFEF34DF14EC05FE83769AB043D0F596401FA10961E4C7B49D40EB81
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?,7707C0D0,?,00008000), ref: 008FABF1
                                                                                                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(00000080,?,00008000), ref: 008FAC0D
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000101,00000000), ref: 008FAC74
                                                                                                                                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,7707C0D0,?,00008000), ref: 008FACC6
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c68e3abd3e4f788650584ce442043a80a16b798156a7cf98bf845534ad52238f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a6fac4739232d13d0a6ebad90cf6ba2d9becfb0c7119e95d927b2228646300dd
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c68e3abd3e4f788650584ce442043a80a16b798156a7cf98bf845534ad52238f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 583116B0A0471CAFEB388B75CC047FE7AA5FB49320F04421AE689D22D0D37589859752
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 0092769A
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00927710
                                                                                                                                                                                                                                                                                                                                                                      • PtInRect.USER32(?,?,00928B89), ref: 00927720
                                                                                                                                                                                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 0092778C
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
• API String ID: 1352109105-0
• Opcode ID: 1a7f5894a961813bf3d387967eea9afa8ce53fa52048ae5c671b2d20f44eb78c
• Instruction ID: bfddaac8164bbb246eb0ffafecfbecf5c625249e7f449b394fe14045c6415a16
• Opcode Fuzzy Hash: 1a7f5894a961813bf3d387967eea9afa8ce53fa52048ae5c671b2d20f44eb78c
• Instruction Fuzzy Hash: BA41BF34609225DFCB11CF98E894EA9B7F8FF49304F1840A8E814EB269C370E942DF90
APIs
• GetForegroundWindow.USER32 ref: 009216EB
  • Part of subcall function 008F3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008F3A57
  • Part of subcall function 008F3A3D: GetCurrentThreadId.KERNEL32 ref: 008F3A5E
  • Part of subcall function 008F3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008F25B3), ref: 008F3A65
• GetCaretPos.USER32(?), ref: 009216FF
• ClientToScreen.USER32(00000000,?), ref: 0092174C
• GetForegroundWindow.USER32 ref: 00921752
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: 569325f60ef5cadb35debbecf0baab3b7162b148bde2ece5391a56d5869d3013
• Instruction ID: f7e41268c6ca2ba7f501f07f915b7499d5e9f874fb4aeb573265cd53d5c692f0
• Opcode Fuzzy Hash: 569325f60ef5cadb35debbecf0baab3b7162b148bde2ece5391a56d5869d3013
• Instruction Fuzzy Hash: 98314171D00159AFCB10EFAAC881CAEB7FDFF88304B548069E415E7211EB319E45CBA1
APIs
  • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
• GetCursorPos.USER32(?), ref: 00929001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,008E7711,?,?,?,?,?), ref: 00929016
• GetCursorPos.USER32(?), ref: 0092905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,008E7711,?,?,?), ref: 00929094
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
• Opcode ID: c69698f5cee9c2f3ecf27dabacb501b6cdb5bd8aaa9ac061e8e31e3811d93e73
• Instruction ID: 32ba5bd4a1cd5ccaf7a5c060a8f8ec7ddd98a88ba959f6d9f5d89c4e1622b8b7
• Opcode Fuzzy Hash: c69698f5cee9c2f3ecf27dabacb501b6cdb5bd8aaa9ac061e8e31e3811d93e73
• Instruction Fuzzy Hash: C521D131611028EFDB258F98EC58EFA3BB9FF8A360F044159F90587261C3359991EBA0
APIs
• GetFileAttributesW.KERNEL32(?,0092CB68), ref: 008FD2FB
• GetLastError.KERNEL32 ref: 008FD30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 008FD319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0092CB68), ref: 008FD376
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
• Opcode ID: 7e0b90c92b7e803adc11f673bad25db16fbfd1bae55d82375e3bc6a9f1719332
• Instruction ID: 0f260e00316c9bdcbc2e5c2c4ec768b623e05182feebf32697b9a5932b1ee261
• Opcode Fuzzy Hash: 7e0b90c92b7e803adc11f673bad25db16fbfd1bae55d82375e3bc6a9f1719332
• Instruction Fuzzy Hash: 43217E715093059F8710EF38C88186E77E5FE55324F244A1DF6A9C32A1EB31D946CB93
APIs
  • Part of subcall function 008F1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 008F102A
  • Part of subcall function 008F1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 008F1036
  • Part of subcall function 008F1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008F1045
  • Part of subcall function 008F1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 008F104C
  • Part of subcall function 008F1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008F1062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008F15BE
• _memcmp.LIBVCRUNTIME ref: 008F15E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008F1617
• HeapFree.KERNEL32(00000000), ref: 008F161E
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1592001646-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b4e1d2e701957b8902b02fc8172f477efa40ffa9767dfb803465ae2afad638e1
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c8f79198c2246d97357567c91d74550cb1ecc7df74b7e8ceb5b42ce836940ce2
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b4e1d2e701957b8902b02fc8172f477efa40ffa9767dfb803465ae2afad638e1
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D6215571E00108EBDF10DFA4C949BEEB7B8FF94344F084459E541EB241E735AA05DBA0
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 0092280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00922824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00922832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00922840
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: 99249512fe70acd0bb03a3135c3ded2759685ec4f0ee22dea253fe8272d92883
• Instruction ID: a37063b9e522e960bc4e8f15effb0a8112a9cf4468e2279113067c982a12e8a0
• Opcode Fuzzy Hash: 99249512fe70acd0bb03a3135c3ded2759685ec4f0ee22dea253fe8272d92883
• Instruction Fuzzy Hash: 0E21D331209121BFD714AB24EC44FAA7B99EF85324F148258F426CB6E2CB75FC42CB90
APIs
  • Part of subcall function 008F8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,008F790A,?,000000FF,?,008F8754,00000000,?,0000001C,?,?), ref: 008F8D8C
  • Part of subcall function 008F8D7D: lstrcpyW.KERNEL32(00000000,?,?,008F790A,?,000000FF,?,008F8754,00000000,?,0000001C,?,?,00000000), ref: 008F8DB2
  • Part of subcall function 008F8D7D: lstrcmpiW.KERNEL32(00000000,?,008F790A,?,000000FF,?,008F8754,00000000,?,0000001C,?,?), ref: 008F8DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,008F8754,00000000,?,0000001C,?,?,00000000), ref: 008F7923
• lstrcpyW.KERNEL32(00000000,?,?,008F8754,00000000,?,0000001C,?,?,00000000), ref: 008F7949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,008F8754,00000000,?,0000001C,?,?,00000000), ref: 008F7984
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
• Opcode ID: dc09f6510844fa2eb2b2105280f98afeda8fbc62f710e5ec35644d0159be1d69
• Instruction ID: 59872374963902ac81e67198721e3df609d09ca7b130a801a4debf293a721292
• Opcode Fuzzy Hash: dc09f6510844fa2eb2b2105280f98afeda8fbc62f710e5ec35644d0159be1d69
• Instruction Fuzzy Hash: 0611293A304305AFEB259F39CC45D7A77A5FF85350B40402AFA02CB2A5EB759811D791
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 00927D0B
• SetWindowLongW.USER32(00000000,000000F0,?), ref: 00927D2A
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00927D42
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0090B7AD,00000000), ref: 00927D6B
  • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 847901565-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3fa4e5a4fea251a3521ddaba4b3045c0b620fef0b8f3f1a3b76c791afe5d33a4
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 389961a5b4fcd88ce375810800a1ca7647df326802876eae9373a06a2de5e052
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3fa4e5a4fea251a3521ddaba4b3045c0b620fef0b8f3f1a3b76c791afe5d33a4
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4111D231119625AFCB108F68EC04E6A7BA9AF46360B154728F835E72F4D7309951DB50
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001060,?,00000004), ref: 009256BB
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 009256CD
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 009256D8
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00925816
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6453d33c1820feb9e89b8dc1a04fe909a708f28de5743986acc7560e81473262
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: dd84743543f980d5c2b708a66201f49f14c492795880fed0937b23c2d64866a8
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6453d33c1820feb9e89b8dc1a04fe909a708f28de5743986acc7560e81473262
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6211387560062896DF20DF65EC85AFE77BCFF10360F504426F915D6199E774CA84CB60
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3fb6d26c475b6a8b5b92af036aa4ddda19e2b10b635d6c81d6fac47d33a00bf7
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a62a5d7f87af05d0f2a068882d801cb21cdb35a7e05092f79ac88993496767e2
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3fb6d26c475b6a8b5b92af036aa4ddda19e2b10b635d6c81d6fac47d33a00bf7
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31012CB2209A1A7EFA2126786CC5F67666DFF423B8B35032DF622D11D7DA70CC5051A1
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 008F1A47
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 008F1A59
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 008F1A6F
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 008F1A8A
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 1dec06718db233bd0ca63044cb45a6e6d8dcaf9ca5d75fa99849ae18dd11ca30
• Instruction ID: 750c48f9d343d9e45917f30a6592ac7c18023ee596236027b370e9a5d68159c7
• Opcode Fuzzy Hash: 1dec06718db233bd0ca63044cb45a6e6d8dcaf9ca5d75fa99849ae18dd11ca30
• Instruction Fuzzy Hash: C811F77A901229FFEF119BA5C985FADBB78FB08750F200091EA04B7290D7716E51DB94
APIs
• GetCurrentThreadId.KERNEL32 ref: 008FE1FD
• MessageBoxW.USER32(?,?,?,?), ref: 008FE230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 008FE246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 008FE24D
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: 216f156306e76b2a8a0dcc422c5471e22bacffaf61431cca212f425ee7992e78
• Instruction ID: d31aab29ede730631f3d2aab7e3e9ce5c24457fdc85029fbcf95c8e5a5013109
• Opcode Fuzzy Hash: 216f156306e76b2a8a0dcc422c5471e22bacffaf61431cca212f425ee7992e78
• Instruction Fuzzy Hash: 481108B2918258BBD7119FB89C05EAE7FACFB45320F144619F925E3391E2B0990097A0
APIs
• CreateThread.KERNEL32(00000000,?,008BCFF9,00000000,00000004,00000000), ref: 008BD218
• GetLastError.KERNEL32 ref: 008BD224
• __dosmaperr.LIBCMT ref: 008BD22B
• ResumeThread.KERNEL32(00000000), ref: 008BD249
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
• Opcode ID: 2f9bfb831f534cbb8ce986e377c24d36baab95e0f4a2b5f1fda2a4f16dedf7a7
• Instruction ID: 3d9176804ee7190e17d038734e6780790144f707bfa095af7e4cf304e8d54cab
• Opcode Fuzzy Hash: 2f9bfb831f534cbb8ce986e377c24d36baab95e0f4a2b5f1fda2a4f16dedf7a7
• Instruction Fuzzy Hash: 1301C476405309BBCB215BA9DC05BEE7A69FF81330F104219F925D22D1EB71990196A1
APIs
  • Part of subcall function 008A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 008A9BB2
• GetClientRect.USER32(?,?), ref: 00929F31
• GetCursorPos.USER32(?), ref: 00929F3B
• ScreenToClient.USER32(?,?), ref: 00929F46
• DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00929F7A
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Client$CursorLongProcRectScreenWindow
• String ID:
• API String ID: 4127811313-0
• Opcode ID: 9c1e42d0786ef6b40a1397f480ee5ccdd321cd51489754ee8195380d2659865f
• Instruction ID: f535664f3eee255dbceff041aa3d4a08070f033030f57fc89c514883e20543dd
• Opcode Fuzzy Hash: 9c1e42d0786ef6b40a1397f480ee5ccdd321cd51489754ee8195380d2659865f
• Instruction Fuzzy Hash: C711337290422AABDB60DFA8E9899EE77B8FF45311F000455F911E3150D334BE86DBA1
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0089604C
• GetStockObject.GDI32(00000011), ref: 00896060
• SendMessageW.USER32(00000000,00000030,00000000), ref: 0089606A
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3c32de1d6360b3bbeda2c5727e20c8255cccea8c33c6f6d4b7786b911dc35a5e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 06475054b23b93f8439d38bc9ded5b8be98eb9c5b3cb40c4dc594ac5c3ab91d2
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3c32de1d6360b3bbeda2c5727e20c8255cccea8c33c6f6d4b7786b911dc35a5e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D51161B2505909BFEF225F949C94EEA7B6DFF183A4F080215FA14A2120D7329C60EB91
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 008B3B56
  • Part of subcall function 008B3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 008B3AD2
  • Part of subcall function 008B3AA3: ___AdjustPointer.LIBCMT ref: 008B3AED
• _UnwindNestedFrames.LIBCMT ref: 008B3B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 008B3B7C
• CallCatchBlock.LIBVCRUNTIME ref: 008B3BA4
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
• Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction ID: dd7f69345c1145cb169f70d04742fcbb0a6cc857663fc4095cc2161966690ea8
• Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction Fuzzy Hash: AE010C32100149BBDF126E99CC46EEB7F6DFF58764F054014FE48A6221D732E961EBA1
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,008913C6,00000000,00000000,?,008C301A,008913C6,00000000,00000000,00000000,?,008C328B,00000006,FlsSetValue), ref: 008C30A5
• GetLastError.KERNEL32(?,008C301A,008913C6,00000000,00000000,00000000,?,008C328B,00000006,FlsSetValue,00932290,FlsSetValue,00000000,00000364,?,008C2E46), ref: 008C30B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,008C301A,008913C6,00000000,00000000,00000000,?,008C328B,00000006,FlsSetValue,00932290,FlsSetValue,00000000), ref: 008C30BF
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
• Opcode ID: 70f9b874865b3d9ff79edde9898a40747d0b89a130150700597576f379fac956
• Instruction ID: 29dc78262edc63637ed034c8e8f9bfa9239c889f03a68f7f2133f3e3ae7d55ac
• Opcode Fuzzy Hash: 70f9b874865b3d9ff79edde9898a40747d0b89a130150700597576f379fac956
• Instruction Fuzzy Hash: E501FC73315A26ABC7314B78AC44F6777A8FF45761B108628F956D3140C731D903C6D0
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 008F747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 008F7497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 008F74AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 008F74CA
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
• Opcode ID: f1c816c952e505468976bba74103811dfc5b595a72b4ad07329a020740e51061
• Instruction ID: edb388fe435087a25e7e9f651e0c7f1b922b3d6a469a16ace76bcb25da837505
• Opcode Fuzzy Hash: f1c816c952e505468976bba74103811dfc5b595a72b4ad07329a020740e51061
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58118BB1209319ABF7309F24EC09BA67BFCFB00B04F108569E616D7191D7B0E944DBA4

APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,008FACD3,?,00008000), ref: 008FB0C4
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,008FACD3,?,00008000), ref: 008FB0E9
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,008FACD3,?,00008000), ref: 008FB0F3
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,008FACD3,?,00008000), ref: 008FB126
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: f2c60a7b782ab5fc113e9abb707f0399b3ee08d45f9dddb62f9d257473ca4d45
• Instruction ID: 3f76639b403c8b03467e82f74c801e107f38e7731bde82dc8ff6df25c9fc562d
• Opcode Fuzzy Hash: f2c60a7b782ab5fc113e9abb707f0399b3ee08d45f9dddb62f9d257473ca4d45
• Instruction Fuzzy Hash: 30117970C08A2DEBCF10AFF4E9A96FEBB78FF49311F004085DA41B2281DB3046919B61
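The QueryPerformanceCounter / Sleep / QueryPerformanceCounter sequence in the function above is what the report's "execution timing, often used to detect debuggers" signature keys on. The C below is an added example, not code recovered from nM0h824cc3.exe and not part of the Joe Sandbox report; it shows how such a check is decided: read the counter, sleep or yield, read it again, and compare the delta against what the requested sleep should have cost. On Windows it uses the same KERNEL32 calls as the listing; elsewhere it substitutes clock_gettime and nanosleep as a labelled stand-in so the logic can be exercised off Windows. It goes beyond the listing in one way: besides a delta that is far too long (a breakpoint or single-step between the two reads), it also flags a delta that is implausibly short, which is how a sandbox that shortcuts Sleep gives itself away. The function names, the slack value and the ratio threshold are assumptions chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
/*
 * Timing check in the shape of the QueryPerformanceCounter / Sleep /
 * QueryPerformanceCounter sequence from the report. Added example; not code
 * recovered from the sample. Thresholds below are assumed tuning values.
 */
#include <stdint.h>
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
static uint64_t ticks_now(void)        { LARGE_INTEGER c; QueryPerformanceCounter(&c);   return (uint64_t)c.QuadPart; }
static uint64_t ticks_per_second(void) { LARGE_INTEGER f; QueryPerformanceFrequency(&f); return (uint64_t)f.QuadPart; }
static void     short_sleep(unsigned ms) { Sleep(ms); }
#else
/* Portable stand-in (assumption: POSIX host) so the decision logic runs off Windows. */
#include <time.h>
static uint64_t ticks_now(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
}
static uint64_t ticks_per_second(void) { return 1000000000ull; }
static void short_sleep(unsigned ms)
{
    struct timespec ts = { (time_t)(ms / 1000), (long)(ms % 1000) * 1000000L };
    nanosleep(&ts, NULL);
}
#endif

/* Convert a counter delta to microseconds without overflowing on large frequencies.
   Kept pure so it can be unit-tested with constructed tick values. */
uint64_t ticks_to_us(uint64_t t0, uint64_t t1, uint64_t freq)
{
    uint64_t delta = (t1 >= t0) ? (t1 - t0) : 0;   /* counter is monotonic; guard anyway */
    return (delta / freq) * 1000000ull + ((delta % freq) * 1000000ull) / freq;
}

/*
 * Decision logic shared by the real probe and the tests. Returns:
 *   0  elapsed time is plausible for the requested sleep
 *   1  far too long: something (breakpoint, single-step, suspended thread)
 *      sat between the two counter reads
 *   2  far too short: the sleep returned early, as it does when a sandbox
 *      hooks Sleep to skip delays
 * With a requested sleep of 0 ms (Sleep(0) is a yield, as in the listing)
 * only the "too long" branch can fire.
 */
int classify_timing(uint64_t elapsed_us, uint64_t requested_ms,
                    uint64_t slack_us, unsigned min_ratio_pct)
{
    uint64_t requested_us = requested_ms * 1000ull;
    if (elapsed_us > requested_us + slack_us)              return 1;
    if (elapsed_us < requested_us * min_ratio_pct / 100)   return 2;
    return 0;
}

/* One real measurement around a sleep of `ms` milliseconds. */
int timing_probe(unsigned ms)
{
    uint64_t t0 = ticks_now();
    short_sleep(ms);
    uint64_t t1 = ticks_now();
    uint64_t elapsed = ticks_to_us(t0, t1, ticks_per_second());
    /* 200 ms slack tolerates scheduler jitter; 50 % catches Sleep returning early. */
    return classify_timing(elapsed, ms, 200000ull, 50);
}

int main(void)
{
    int r = timing_probe(20);
    printf("timing probe: %s\n",
           r == 0 ? "plausible" :
           r == 1 ? "too slow (debugger or suspended?)" :
                    "too fast (sleep skipped?)");
    return 0;
}
```

When stepping through a function like this in a debugger, the pause between the two counter reads is what trips the "too slow" branch, so the usual approach is to run the whole sequence at full speed and patch or force the comparison afterwards rather than single-step it. The "too fast" branch is the reason sandboxes that shortcut Sleep should keep the monotonic clock consistent with the skipped delay.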

APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 008F2DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 008F2DD6
• GetCurrentThreadId.KERNEL32 ref: 008F2DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 008F2DE4
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: 83dd3dd6f55e1ae36fdee80db46bc1a0fb7e97533fa8de9e01eef3d28ec7a98c
• Instruction ID: 87a785268d23765320b9063e35b5056cb82876f106046326ef4e952040c1003e
• Opcode Fuzzy Hash: 83dd3dd6f55e1ae36fdee80db46bc1a0fb7e97533fa8de9e01eef3d28ec7a98c
• Instruction Fuzzy Hash: C6E06DB111962C7BE7302B729C0EEFB7E6CFB42BA1F400215B205D10809AA48842D6F0

APIs
  • Part of subcall function 008A9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008A9693
  • Part of subcall function 008A9639: SelectObject.GDI32(?,00000000), ref: 008A96A2
  • Part of subcall function 008A9639: BeginPath.GDI32(?), ref: 008A96B9
  • Part of subcall function 008A9639: SelectObject.GDI32(?,00000000), ref: 008A96E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00928887
• LineTo.GDI32(?,?,?), ref: 00928894
• EndPath.GDI32(?), ref: 009288A4
• StrokePath.GDI32(?), ref: 009288B2
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
• Opcode ID: 610e930ac1e129eb4a5608cf87dc42dca45165be9538c8877888d124a3e2121e
• Instruction ID: 8c8db0735fb03b45bca9111309acb2e33eb9c421d088ddf6ab4ae5483e0fde28
• Opcode Fuzzy Hash: 610e930ac1e129eb4a5608cf87dc42dca45165be9538c8877888d124a3e2121e
• Instruction Fuzzy Hash: B0F05E3605A668FAEF225F94BC0AFCE3F59AF06311F048000FA11A50E2C7B55522EFE5
APIs
• GetSysColor.USER32(00000008), ref: 008A98CC
• SetTextColor.GDI32(?,?), ref: 008A98D6
• SetBkMode.GDI32(?,00000001), ref: 008A98E9
• GetStockObject.GDI32(00000005), ref: 008A98F1
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
• Opcode ID: 17d614107d90901e72335e0cb96e054e78f1ff6a5ca4cddd16df5d10a11ca089
• Instruction ID: cc613b10b2ba7454426d4d5879d2da23f9ba84c9af7164d5a93a3698507a766e
• Opcode Fuzzy Hash: 17d614107d90901e72335e0cb96e054e78f1ff6a5ca4cddd16df5d10a11ca089
• Instruction Fuzzy Hash: 69E0657125C680AADB315B75AC09BED3F10FB12336F048219F6F5940E2C3714651AB11
APIs
• GetCurrentThread.KERNEL32 ref: 008F1634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,008F11D9), ref: 008F163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,008F11D9), ref: 008F1648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,008F11D9), ref: 008F164F
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CurrentOpenProcessThreadToken
• String ID:
• API String ID: 3974789173-0
• Opcode ID: b4c41071408deff3d9416af61e6acc2934f530c8444e7ede1762d5fda7be2996
• Instruction ID: 45d9d1e0f13b3042dbbf4779e1874588660ee1a3d7240a26efdbe0d31aab375a
• Opcode Fuzzy Hash: b4c41071408deff3d9416af61e6acc2934f530c8444e7ede1762d5fda7be2996
• Instruction Fuzzy Hash: 72E086B1655211DBDB301FB09D0DB5A3B7CFF54791F144808F345DA080D6388442D754
APIs
• GetDesktopWindow.USER32 ref: 008ED858
• GetDC.USER32(00000000), ref: 008ED862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 008ED882
• ReleaseDC.USER32(?), ref: 008ED8A3
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: eb3103cd93b4075b57ee3a850edbd38abde5b2b4931f5a290020e80bf8c6cd86
• Instruction ID: d1d083a760360a0b902bcd2a3f02459f12aad86d00a9109c261d778d1b5c5148
• Opcode Fuzzy Hash: eb3103cd93b4075b57ee3a850edbd38abde5b2b4931f5a290020e80bf8c6cd86
• Instruction Fuzzy Hash: DFE01AB1814209DFCF51AFA0D80C66DBBB1FB08710F148419F806E7250CB385902AF40
APIs
• GetDesktopWindow.USER32 ref: 008ED86C
• GetDC.USER32(00000000), ref: 008ED876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 008ED882
• ReleaseDC.USER32(?), ref: 008ED8A3
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 75315b9e7f102a52682c9c249b48fc9222a21a04290f68dfdaae7900e117d80b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4e2351a7cd76e5f7e7912e87894e0742cf4ba641740ac6d54a06fc148bd825c9
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75315b9e7f102a52682c9c249b48fc9222a21a04290f68dfdaae7900e117d80b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4E046B1C18209EFCF60AFA0D80C66DBBB1FF08710F148008F80AE7250CB385902AF80
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00897620: _wcslen.LIBCMT ref: 00897625
                                                                                                                                                                                                                                                                                                                                                                      • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00904ED4
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: *$LPT
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d27ca6c756b8cc0354d4768e573cd853029d18ada021bb645ee4ca52210d48d7
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 183ef9c6edd7a807e40c2337f49914a303ca38fe1b03c4fac9d790e340152397
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d27ca6c756b8cc0354d4768e573cd853029d18ada021bb645ee4ca52210d48d7
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 009151B5A042059FCB14DF58C484EAABBF5FF44304F198099E60A9F3A2D735ED85CB91
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • __startOneArgErrorHandling.LIBCMT ref: 008BE30D
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                                                                                      • String ID: pow
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c726548844aef3ce719b6865fd9411d52276f7a285e14f39cf8f14852e957594
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 20fa2c59e782c4ba88b6bda300176c5591e2a39a43cb647f16fe087a964c32b4
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c726548844aef3ce719b6865fd9411d52276f7a285e14f39cf8f14852e957594
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F515B61A1C6069ADB117718C941BFA2BF4FB40B40F34896CF096C23ADDB35CC959E86
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID: #
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 97dccae56cb8ee8da10713373f8c5abe5e5b9a90e185ffa66c0fad642bf68bea
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f8ef2165b607d9e03b634b0d2b661fe02970c1cecece70b989dd2e5764a190c4
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97dccae56cb8ee8da10713373f8c5abe5e5b9a90e185ffa66c0fad642bf68bea
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2451127550429ADFEF25EF29C881ABA7BA8FF57310F244459FC91DB280D6309D42CB91
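The per-function records above (an "APIs" list, a "Strings" block and a "Similarity" block with the API ID, String ID and fuzzy hashes) are what an analyst scrolls through to find the functions that matter, for example the WNetUseConnectionW call paired with the "*$LPT" string, or a Sleep call followed by GlobalMemoryStatusEx. The following is an added example, not code from Joe Sandbox or from this report, that parses a flattened excerpt in this layout and flags API combinations worth a second look. The sample text is constructed to mirror the page's records; the third record's identifiers are placeholders, and the flagging rules are this example's own heuristics rather than report fields.

```python
"""Parse Joe Sandbox per-function records and flag API combinations.

Added example (not Joe Sandbox code). SAMPLE is a constructed excerpt in the
report's flattened layout; the values marked CONSTRUCTED are placeholders.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: three records in the report's "APIs / Strings /
# Similarity" layout (Memory Dump Source lines omitted for brevity).
SAMPLE = """\
APIs
• Part of subcall function 00897620: _wcslen.LIBCMT ref: 00897625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00904ED4
Strings
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
APIs
• __startOneArgErrorHandling.LIBCMT ref: 008BE30D
Strings
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
APIs
• Sleep.KERNEL32(00000000), ref: 008AF2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 008AF2BB
Strings
Similarity
• API ID: CONSTRUCTED
• String ID:
• API String ID: CONSTRUCTED-0
"""

# "Part of subcall function 00897620: _wcslen.LIBCMT ref: ..." -> (_wcslen, LIBCMT)
API_CALL = re.compile(r"^(?:Part of subcall function [0-9A-Fa-f]+: )?([A-Za-z_]\w*)\.([A-Z0-9_]+)")

# Heuristic rules (this example's own): a record is flagged when it calls
# every API in the set. Sleep + GlobalMemoryStatusEx is a common timing and
# RAM-size sandbox probe; WNetUseConnectionW maps a network resource.
RULES: List[Tuple[str, set]] = [
    ("network resource mapping (WNetUseConnectionW)", {"WNetUseConnectionW"}),
    ("timing + memory probe (Sleep, GlobalMemoryStatusEx)", {"Sleep", "GlobalMemoryStatusEx"}),
]

SECTION_HEADERS = ("APIs", "Strings", "Similarity", "Memory Dump Source", "Joe Sandbox IDA Plugin")


def parse_records(text: str) -> List[Dict]:
    """Split the flattened report text into records of APIs and Similarity fields."""
    records: List[Dict] = []
    cur: Dict = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            # "APIs" always opens a record. A record with no API list (like the
            # "#" string record on the page) opens at "Strings" once the previous
            # record has already reached its Similarity block.
            opens = line == "APIs" or not cur or (
                line == "Strings" and "Similarity" in cur["sections"])
            if opens:
                cur = {"apis": [], "fields": {}, "sections": set()}
                records.append(cur)
            cur["sections"].add(line)
            section = line
            continue
        body = line.lstrip("•").strip()
        if section == "APIs":
            m = API_CALL.match(body)
            if m:
                cur["apis"].append((m.group(1), m.group(2)))
        elif section == "Similarity":
            key, _, val = body.partition(":")
            cur["fields"][key.strip()] = val.strip()
    return records


def flag_records(records: List[Dict]) -> List[Tuple[str, str]]:
    """Return (API String ID, rule name) for every record matching a rule."""
    hits = []
    for rec in records:
        names = {api for api, _module in rec["apis"]}
        for rule_name, required in RULES:
            if required <= names:
                hits.append((rec["fields"].get("API String ID", "?"), rule_name))
    return hits


if __name__ == "__main__":
    for sid, why in flag_records(parse_records(SAMPLE)):
        print(f"{sid}: {why}")
```

The flags are triage leads, not verdicts: Sleep followed by GlobalMemoryStatusEx also appears in benign installers, so the hit should send the analyst to the function at ref 008AF2A2 to see what the process does with the reported memory size. The API String ID is used as the record key because it is stable across reports, unlike the fuzzy hashes, which vary with compiler layout.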
APIs
• Sleep.KERNEL32(00000000), ref: 008AF2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 008AF2BB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
APIs
• CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 009157E0
• _wcslen.LIBCMT ref: 009157EC
Strings
Similarity
• API ID: BuffCharUpper_wcslen
• String ID: CALLARGARRAY
• API String ID: 157775604-1150593374
APIs
• _wcslen.LIBCMT ref: 0090D130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0090D13A
Strings
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 00923621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0092365C
Strings
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d937954e42aac52663e3a669bea1b7360325e3b83b0058a507a3d4f9fbb53851
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3c6e0496939df917bd1463b9a8175ae3deff56ea1caa8e0628f72e13914536a2
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d937954e42aac52663e3a669bea1b7360325e3b83b0058a507a3d4f9fbb53851
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD318F71110614AADB209F28EC81FBB73ADFF88724F108619F8A9D7280DA35AD91D760
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0092461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00924634
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
• Opcode ID: 85003bc60696edba0970cb855c5c5e9ad547417e6ac508106c4823099a3b4894
• Instruction ID: e32b0d08dea804f7eb8f3b34eab4c4846ea30159e321d09be7f1e0b9f970ee41
• Opcode Fuzzy Hash: 85003bc60696edba0970cb855c5c5e9ad547417e6ac508106c4823099a3b4894
• Instruction Fuzzy Hash: 27314A74A0131A9FDF14CFA9D980BDA7BB9FF09300F14406AE904AB345D770A941CF90
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0092327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00923287
Strings
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
• Opcode ID: 704d12aeadd0c078f551213144304156f8361c93d16cc908382c4e09f63dbab1
• Instruction ID: 35abfb027a21a278ef5ba2c6b02abe55fadc2ab6f0e35d08433aa45c0a44dfb0
• Opcode Fuzzy Hash: 704d12aeadd0c078f551213144304156f8361c93d16cc908382c4e09f63dbab1
• Instruction Fuzzy Hash: 1E110471300218BFFF21DF94EC80EBB3B6EEB94364F108128F928A7294D6359D519760
APIs
  • Part of subcall function 0089600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0089604C
  • Part of subcall function 0089600E: GetStockObject.GDI32(00000011), ref: 00896060
  • Part of subcall function 0089600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0089606A
• GetWindowRect.USER32(00000000,?), ref: 0092377A
• GetSysColor.USER32(00000012), ref: 00923794
Strings
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
• Opcode ID: 57c62ec37b555fbefad97a555071acb8a64534806048a27fbdd303d71bbcddae
• Instruction ID: e8a8300af1ff272f92cac695c1f4f4a7ba32b3b5dfdfc89effc6ef16af06e803
• Opcode Fuzzy Hash: 57c62ec37b555fbefad97a555071acb8a64534806048a27fbdd303d71bbcddae
• Instruction Fuzzy Hash: 821129B261021AAFDF10DFA8DC45EEE7BB8FB08314F004914F955E2250E775E861DB50
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0090CD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0090CDA6
Strings
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                                                                                                      • String ID: <local>
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: adb4467dd1f1cba49eb94e30712fa94470f1783abf24033a408e28cca90877e7
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bc4460c4de04dc3bc633fafda91496d0f483812ac28c95858cbd0b6cb006e0be
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: adb4467dd1f1cba49eb94e30712fa94470f1783abf24033a408e28cca90877e7
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3B11A0B1215631BED7384B668C49EE7BEACEF127A4F00472AB109930C0E6649885D6F0
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextLengthW.USER32(00000000), ref: 009234AB
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 009234BA
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID: edit
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: feef85c44b3273d9faaf5d60dff90b1da49dc7881dbb9ac882c65b466c205cc3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5551a2ec559fce5342beab7cb2083a9c3832fa0b8cab1437240054476d5b39d7
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: feef85c44b3273d9faaf5d60dff90b1da49dc7881dbb9ac882c65b466c205cc3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7211B271110118ABEB116F64EC40AAB376EEB04374F508754F961931E8C779DC519B50
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?,?), ref: 008F6CB6
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 008F6CC2
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                      • String ID: STOP
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c775227b405f7c1e56afca3c9a7c6a2994927e3312464c6333682fe6ed635c95
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b889a45e179380783792d39e0dd16872db8edb0861e8ac35aaa2f06abe476c0a
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c775227b405f7c1e56afca3c9a7c6a2994927e3312464c6333682fe6ed635c95
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C01C432A1052E9ACB20AFBDDC819BF77B5FB617147110628E9A2D6195FA32D920C650
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 008F1D4C
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 35431c7f3c0d3f3ec9d9c8e603b31364b4fabc731a6214101600162ff7677709
• Instruction ID: 0a7232112114af1511888f2b58acdf2c4166093011fd0cc40a439492bbe7d734
• Opcode Fuzzy Hash: 35431c7f3c0d3f3ec9d9c8e603b31364b4fabc731a6214101600162ff7677709
• Instruction Fuzzy Hash: EA019E7160121CAB8F18FBB9CC698FE73A8FB46354B04061EF962A72D1EA3159088661
APIs
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
  • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 008F1C46
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 01aec8b75e8d8c6e306912170e59bb474f8d2614d2c9829cbc4c0db504ba23eb
• Instruction ID: abacfa5fe9ed7903835757bdf3ed4032d8a35a9b5d64eb5501945c5438419398
• Opcode Fuzzy Hash: 01aec8b75e8d8c6e306912170e59bb474f8d2614d2c9829cbc4c0db504ba23eb
• Instruction Fuzzy Hash: A501847568110CA6CF14FBA9C9659FF77A8FB61344F140019EA56F7282EA209B08D6B2
APIs
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
  • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
• SendMessageW.USER32(?,00000182,?,00000000), ref: 008F1CC8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 4a446b29b8aa5ae001f866b66e001c88d7215ce3cd707451f553d78ea8ca90ee
• Instruction ID: c70b375d115e2d6a206ae9350af5aac3e2ee7cc38ae6c14e0ea95ddc90a7a618
• Opcode Fuzzy Hash: 4a446b29b8aa5ae001f866b66e001c88d7215ce3cd707451f553d78ea8ca90ee
• Instruction Fuzzy Hash: 8C01DB71A4011CA7CF14FBB9CE15AFE77A8FB11344F140019B952F3281EA219F08C672
APIs
  • Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD
  • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 008F1DD3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: c094a9082f924796f96d13966fe442360c8bf41040437831a0f607f8288af5ca
• Instruction ID: 6e27e3044c3c43a1efd4ed41200dee472fb466408b8f271f0c69d6a45b6827a2
• Opcode Fuzzy Hash: c094a9082f924796f96d13966fe442360c8bf41040437831a0f607f8288af5ca
• Instruction Fuzzy Hash: 10F0A471A4121DA6DF14FBBDCC66AFE77B8FB41354F080919F962E32C2DA605A088261
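The three SendMessageW entries above carry their message id as a raw hex argument (00000180, 00000182, 0000018B), and the GetClassNameW subcall plus the ComboBox$ListBox string id suggest a GUI helper that dispatches on the window class. The Python below is an added example for triaging such listings; it is not part of the Joe Sandbox report or of the sample. It parses "APIs" bullets in the layout this page uses, resolves the second SendMessageW argument to its winuser.h name, and reports the call sites. The regex, the ApiCall record and the helper names are this example's own; the message constants are the standard winuser.h values (0x180 is LB_ADDSTRING, 0x182 is LB_DELETESTRING, 0x18B is LB_GETCOUNT). Which control actually receives each message cannot be recovered from the listing, since the window-handle argument is shown as "?".

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Window-message constants from the Windows SDK (winuser.h). Only the list-box
# and combo-box families plus three generic text messages are included.
LISTBOX_MESSAGES = {
    0x0180: "LB_ADDSTRING", 0x0181: "LB_INSERTSTRING", 0x0182: "LB_DELETESTRING",
    0x0183: "LB_SELITEMRANGEEX", 0x0184: "LB_RESETCONTENT", 0x0185: "LB_SETSEL",
    0x0186: "LB_SETCURSEL", 0x0187: "LB_GETSEL", 0x0188: "LB_GETCURSEL",
    0x0189: "LB_GETTEXT", 0x018A: "LB_GETTEXTLEN", 0x018B: "LB_GETCOUNT",
    0x018C: "LB_SELECTSTRING", 0x018D: "LB_DIR", 0x018E: "LB_GETTOPINDEX",
    0x018F: "LB_FINDSTRING", 0x0190: "LB_GETSELCOUNT", 0x0191: "LB_GETSELITEMS",
}
COMBOBOX_MESSAGES = {
    0x0140: "CB_GETEDITSEL", 0x0141: "CB_LIMITTEXT", 0x0142: "CB_SETEDITSEL",
    0x0143: "CB_ADDSTRING", 0x0144: "CB_DELETESTRING", 0x0145: "CB_DIR",
    0x0146: "CB_GETCOUNT", 0x0147: "CB_GETCURSEL", 0x0148: "CB_GETLBTEXT",
    0x0149: "CB_GETLBTEXTLEN", 0x014A: "CB_INSERTSTRING", 0x014B: "CB_RESETCONTENT",
    0x014C: "CB_FINDSTRING", 0x014D: "CB_SELECTSTRING", 0x014E: "CB_SETCURSEL",
}
GENERIC_MESSAGES = {0x000C: "WM_SETTEXT", 0x000D: "WM_GETTEXT", 0x000E: "WM_GETTEXTLENGTH"}
MESSAGE_NAMES = {**GENERIC_MESSAGES, **COMBOBOX_MESSAGES, **LISTBOX_MESSAGES}

# One "APIs" bullet of the report, e.g.
#   • Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA
# This pattern is the example's own reading of the page layout, not a Joe Sandbox spec.
API_LINE = re.compile(
    r"^\s*[•*-]?\s*(?:Part of subcall function (?P<subcall>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str                       # address of the call site in the dump
    subcall: Optional[str] = None  # callee address when listed as "Part of subcall"
    message: Optional[str] = None  # resolved message name for Send/PostMessage calls

def message_name(msg: int) -> str:
    """winuser.h name for a message id, or a hex literal when it is not in the table."""
    return MESSAGE_NAMES.get(msg, f"0x{msg:04X}")

def parse_api_line(line: str) -> Optional[ApiCall]:
    m = API_LINE.match(line)
    if not m:
        return None
    args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
    call = ApiCall(m.group("api"), m.group("module"), args, m.group("ref").upper(),
                   m.group("subcall").upper() if m.group("subcall") else None)
    # The second argument of SendMessage/PostMessage is the message id; the sandbox
    # prints "?" when it could not recover a value statically, so leave those unresolved.
    if call.api in ("SendMessageW", "SendMessageA", "PostMessageW", "PostMessageA"):
        if len(args) >= 2 and args[1] != "?":
            call.message = message_name(int(args[1], 16))
    return call

def decode_api_lines(lines) -> List[ApiCall]:
    return [c for c in (parse_api_line(l) for l in lines) if c is not None]

def window_messages(calls) -> List[tuple]:
    """(call site, message name) pairs for the message-sending calls in an API list."""
    return [(c.ref, c.message) for c in calls if c.message is not None]

# Sample input: the APIs bullets of the three SendMessageW functions on this page,
# merged into one list (the two subcall lines are shared by all three).
SAMPLE_API_LINES = [
    "• Part of subcall function 00899CB3: _wcslen.LIBCMT ref: 00899CBD",
    "• Part of subcall function 008F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008F3CCA",
    "• SendMessageW.USER32(?,00000180,00000000,?), ref: 008F1C46",
    "• SendMessageW.USER32(?,00000182,?,00000000), ref: 008F1CC8",
    "• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 008F1DD3",
]

if __name__ == "__main__":
    for ref, name in window_messages(decode_api_lines(SAMPLE_API_LINES)):
        print(f"{ref}: SendMessageW {name}")
```

Run against a whole report's "APIs" bullets, the table lets you scan for message families that matter during triage (for instance WM_GETTEXT against another process's windows) without hand-converting each hex argument; unknown ids are kept as hex literals rather than dropped.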
                                                                                                                                                                                                                                                                                                                                                                      APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: _wcslen
• String ID: 3, 3, 16, 1
• API String ID: 176396367-3042988571
• Opcode ID: 51bdc0981eba0067d64e8bba9b0b7e7dadd657812850740f46de180f2bf04455
• Instruction ID: 9ccb18a867a110d3cd584ac7405d563808b1caca59a5b7e87f4cefea30b0b062
• Opcode Fuzzy Hash: 51bdc0981eba0067d64e8bba9b0b7e7dadd657812850740f46de180f2bf04455
• Instruction Fuzzy Hash: 63E0931571521110533112BEACC25FFDA9EDFC57517141417F945C23B7D6548DD193A1
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 008F0B23
Strings
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
• Opcode ID: cfd2f452f97010cf900ebd8216c658e8402ed79f44901708d88319d56d1a7f22
• Instruction ID: 79d1b34979f8825693da7cd9c45fdfcd54ad2b71bbd0195dc54c43491d67ceb8
• Opcode Fuzzy Hash: cfd2f452f97010cf900ebd8216c658e8402ed79f44901708d88319d56d1a7f22
• Instruction Fuzzy Hash: 75E0D8712443183AD22437987C03F8D7AC4EF05B65F100426FB88D55C38AE164A006EB
APIs
  • Part of subcall function 008AF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,008B0D71,?,?,?,0089100A), ref: 008AF7CE
• IsDebuggerPresent.KERNEL32(?,?,?,0089100A), ref: 008B0D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0089100A), ref: 008B0D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 008B0D7F
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
• Opcode ID: e98187f232b8467cc365c7cd1f765f001b969a9d1dd04f8f425674ef77066a75
• Instruction ID: d646998588b46130a2f3afb4fecbde7ce1920fd40d686c662604a90993414a1c
• Opcode Fuzzy Hash: e98187f232b8467cc365c7cd1f765f001b969a9d1dd04f8f425674ef77066a75
• Instruction Fuzzy Hash: 46E039B02007518BD7309FA8E4087867BE0FB00744F084A2DE492C6796DBB0E4499F91
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0090302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00903044
Strings
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                                                                                                      • String ID: aut
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3285503233-3010740371
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0092232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0092233F
  • Part of subcall function 008FE97B: Sleep.KERNEL32 ref: 008FE9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1379303701.0000000000891000.00000020.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true
• Associated: 00000000.00000002.1379247452.0000000000890000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.000000000092C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379452743.0000000000952000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379584246.000000000095C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1379624334.0000000000964000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_890000_nM0h824cc3.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0092236C
• PostMessageW.USER32(00000000), ref: 00922373
  • Part of subcall function 008FE97B: Sleep.KERNEL32 ref: 008FE9F3
Strings
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 008CBE93
• GetLastError.KERNEL32 ref: 008CBEA1
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008CBEFC
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0